Backport from minidriver: 11788a4a36bf83a01104700f171774336086e9b4
commit 11788a4a36bf83a01104700f171774336086e9b4 Author: Dave Pate <dpate@yubico.com> Date: Tue Jul 18 18:28:48 2017 -0700 Fixes #114 - jump to cleanup section in ykpiv_util_write_mscmap on invalid size
This commit is contained in:
+10
-7
@@ -239,7 +239,7 @@ ykpiv_rc ykpiv_util_list_keys(ykpiv_state *state, uint8_t *key_count, ykpiv_key
|
|||||||
const uint8_t SLOTS[] = {
|
const uint8_t SLOTS[] = {
|
||||||
YKPIV_KEY_AUTHENTICATION,
|
YKPIV_KEY_AUTHENTICATION,
|
||||||
YKPIV_KEY_SIGNATURE,
|
YKPIV_KEY_SIGNATURE,
|
||||||
YKPIV_KEY_KEYMGM,
|
YKPIV_KEY_KEYMGM,
|
||||||
YKPIV_KEY_RETIRED1,
|
YKPIV_KEY_RETIRED1,
|
||||||
YKPIV_KEY_RETIRED2,
|
YKPIV_KEY_RETIRED2,
|
||||||
YKPIV_KEY_RETIRED3,
|
YKPIV_KEY_RETIRED3,
|
||||||
@@ -298,8 +298,8 @@ ykpiv_rc ykpiv_util_list_keys(ykpiv_state *state, uint8_t *key_count, ykpiv_key
|
|||||||
|
|
||||||
cbData += cbRealloc;
|
cbData += cbRealloc;
|
||||||
|
|
||||||
// If ykpiv_key is misaligned or results in padding, this causes problems
|
// If ykpiv_key is misaligned or results in padding, this causes problems
|
||||||
// in the array we return. If this becomes a problem, we'll probably want
|
// in the array we return. If this becomes a problem, we'll probably want
|
||||||
// to go with a flat byte array.
|
// to go with a flat byte array.
|
||||||
|
|
||||||
pKey = (ykpiv_key*)(pData + offset);
|
pKey = (ykpiv_key*)(pData + offset);
|
||||||
@@ -452,7 +452,7 @@ ykpiv_rc ykpiv_util_write_mscmap(ykpiv_state *state, ykpiv_container *containers
|
|||||||
// we intend to delete the object
|
// we intend to delete the object
|
||||||
if ((NULL == containers) || (0 == n_containers)) {
|
if ((NULL == containers) || (0 == n_containers)) {
|
||||||
|
|
||||||
// if either containers or n_containers are non-zero, return an error,
|
// if either containers or n_containers are non-zero, return an error,
|
||||||
// that we only delete strictly when both are set properly
|
// that we only delete strictly when both are set properly
|
||||||
if ((NULL != containers) || (0 != n_containers)) {
|
if ((NULL != containers) || (0 != n_containers)) {
|
||||||
res = YKPIV_GENERIC_ERROR;
|
res = YKPIV_GENERIC_ERROR;
|
||||||
@@ -469,7 +469,10 @@ ykpiv_rc ykpiv_util_write_mscmap(ykpiv_state *state, ykpiv_container *containers
|
|||||||
// calculate the required length of the encoded object
|
// calculate the required length of the encoded object
|
||||||
req_len = 1 /* data tag */ + _ykpiv_set_length(buf, data_len) + data_len;
|
req_len = 1 /* data tag */ + _ykpiv_set_length(buf, data_len) + data_len;
|
||||||
|
|
||||||
if (req_len > _obj_size_max(state)) return YKPIV_SIZE_ERROR;
|
if (req_len > _obj_size_max(state)) {
|
||||||
|
res = YKPIV_SIZE_ERROR;
|
||||||
|
goto Cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
buf[offset++] = TAG_MSCMAP;
|
buf[offset++] = TAG_MSCMAP;
|
||||||
offset += _ykpiv_set_length(buf + offset, data_len);
|
offset += _ykpiv_set_length(buf + offset, data_len);
|
||||||
@@ -592,7 +595,7 @@ ykpiv_rc ykpiv_util_write_msroots(ykpiv_state *state, uint8_t *data, size_t data
|
|||||||
// we intend to delete the object
|
// we intend to delete the object
|
||||||
if ((NULL == data) || (0 == data_len)) {
|
if ((NULL == data) || (0 == data_len)) {
|
||||||
|
|
||||||
// if either data or data_len are non-zero, return an error,
|
// if either data or data_len are non-zero, return an error,
|
||||||
// that we only delete strictly when both are set properly
|
// that we only delete strictly when both are set properly
|
||||||
if ((NULL != data) || (0 != data_len)) {
|
if ((NULL != data) || (0 != data_len)) {
|
||||||
res = YKPIV_GENERIC_ERROR;
|
res = YKPIV_GENERIC_ERROR;
|
||||||
@@ -955,7 +958,7 @@ static ykpiv_rc _write_certificate(ykpiv_state *state, uint8_t slot, uint8_t *da
|
|||||||
// check if data or data_len are zero, this means that we intend to delete the object
|
// check if data or data_len are zero, this means that we intend to delete the object
|
||||||
if ((NULL == data) || (0 == data_len)) {
|
if ((NULL == data) || (0 == data_len)) {
|
||||||
|
|
||||||
// if either data or data_len are non-zero, return an error,
|
// if either data or data_len are non-zero, return an error,
|
||||||
// that we only delete strictly when both are set properly
|
// that we only delete strictly when both are set properly
|
||||||
if ((NULL != data) || (0 != data_len)) {
|
if ((NULL != data) || (0 != data_len)) {
|
||||||
return YKPIV_GENERIC_ERROR;
|
return YKPIV_GENERIC_ERROR;
|
||||||
|
|||||||
Reference in New Issue
Block a user