From 2e72c8f85c63639584bafb713cfd64be8535aa1b Mon Sep 17 00:00:00 2001 From: Dave Pate Date: Mon, 7 Jan 2019 14:20:01 -0800 Subject: [PATCH] lib: resolves potential reads of uninitialized data --- lib/util.c | 3 ++- lib/ykpiv.c | 11 +++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/util.c b/lib/util.c index 4133187..a978d01 100644 --- a/lib/util.c +++ b/lib/util.c @@ -274,8 +274,9 @@ ykpiv_rc ykpiv_util_list_keys(ykpiv_state *state, uint8_t *key_count, ykpiv_key for (i = 0; i < sizeof(SLOTS); i++) { cbBuf = sizeof(buf); + res = _read_certificate(state, SLOTS[i], buf, &cbBuf); - if (YKPIV_OK == (res = _read_certificate(state, SLOTS[i], buf, &cbBuf))) { + if ((res == YKPIV_OK) && (cbBuf > 0)) { // add current slot to result, grow result buffer if necessary cbRealloc = (sizeof(ykpiv_key) + cbBuf - 1) > (cbData - offset) ? MAX((sizeof(ykpiv_key) + cbBuf - 1) - (cbData - offset), CB_PAGE) : 0; diff --git a/lib/ykpiv.c b/lib/ykpiv.c index 3466b12..49f284f 100644 --- a/lib/ykpiv.c +++ b/lib/ykpiv.c @@ -1044,6 +1044,12 @@ static ykpiv_rc _ykpiv_get_version(ykpiv_state *state, ykpiv_version_t *p_versio if((res = _send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) { return res; } else if(sw == SW_SUCCESS) { + + /* check that we received enough data for the verson number */ + if (recv_len < 3) { + return YKPIV_SIZE_ERROR; + } + state->ver.major = data[0]; state->ver.minor = data[1]; state->ver.patch = data[2]; @@ -1182,6 +1188,11 @@ static ykpiv_rc _ykpiv_get_serial(ykpiv_state *state, uint32_t *p_serial, bool f } } + /* check that we received enough data for the serial number */ + if (recv_len < 4) { + return YKPIV_SIZE_ERROR; + } + p_temp = (uint8_t*)(&state->serial); *p_temp++ = data[3];