lib: resolves potential reads of uninitialized data
This commit is contained in:
+2
-1
@@ -274,8 +274,9 @@ ykpiv_rc ykpiv_util_list_keys(ykpiv_state *state, uint8_t *key_count, ykpiv_key
|
|||||||
|
|
||||||
for (i = 0; i < sizeof(SLOTS); i++) {
|
for (i = 0; i < sizeof(SLOTS); i++) {
|
||||||
cbBuf = sizeof(buf);
|
cbBuf = sizeof(buf);
|
||||||
|
res = _read_certificate(state, SLOTS[i], buf, &cbBuf);
|
||||||
|
|
||||||
if (YKPIV_OK == (res = _read_certificate(state, SLOTS[i], buf, &cbBuf))) {
|
if ((res == YKPIV_OK) && (cbBuf > 0)) {
|
||||||
// add current slot to result, grow result buffer if necessary
|
// add current slot to result, grow result buffer if necessary
|
||||||
|
|
||||||
cbRealloc = (sizeof(ykpiv_key) + cbBuf - 1) > (cbData - offset) ? MAX((sizeof(ykpiv_key) + cbBuf - 1) - (cbData - offset), CB_PAGE) : 0;
|
cbRealloc = (sizeof(ykpiv_key) + cbBuf - 1) > (cbData - offset) ? MAX((sizeof(ykpiv_key) + cbBuf - 1) - (cbData - offset), CB_PAGE) : 0;
|
||||||
|
|||||||
+11
@@ -1044,6 +1044,12 @@ static ykpiv_rc _ykpiv_get_version(ykpiv_state *state, ykpiv_version_t *p_versio
|
|||||||
if((res = _send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
if((res = _send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
||||||
return res;
|
return res;
|
||||||
} else if(sw == SW_SUCCESS) {
|
} else if(sw == SW_SUCCESS) {
|
||||||
|
|
||||||
|
/* check that we received enough data for the verson number */
|
||||||
|
if (recv_len < 3) {
|
||||||
|
return YKPIV_SIZE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
state->ver.major = data[0];
|
state->ver.major = data[0];
|
||||||
state->ver.minor = data[1];
|
state->ver.minor = data[1];
|
||||||
state->ver.patch = data[2];
|
state->ver.patch = data[2];
|
||||||
@@ -1182,6 +1188,11 @@ static ykpiv_rc _ykpiv_get_serial(ykpiv_state *state, uint32_t *p_serial, bool f
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* check that we received enough data for the serial number */
|
||||||
|
if (recv_len < 4) {
|
||||||
|
return YKPIV_SIZE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
p_temp = (uint8_t*)(&state->serial);
|
p_temp = (uint8_t*)(&state->serial);
|
||||||
|
|
||||||
*p_temp++ = data[3];
|
*p_temp++ = data[3];
|
||||||
|
|||||||
Reference in New Issue
Block a user