Ludovic Rousseau wrote:
Hello,
$ gdb pkcs15-init
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(gdb) set args --create-pkcs15 --profile pkcs15+onepin
--use-default-transport-key --pin 0000 --puk 111111 --label "Ludovic
Rousseau"
(gdb) r
Starting program: /usr/bin/pkcs15-init --create-pkcs15 --profile
pkcs15+onepin --use-default-transport-key --pin 0000 --puk 111111
--label "Ludovic Rousseau"
[Thread debugging using libthread_db enabled]
[New Thread 0xb7b746b0 (LWP 18820)]
Using reader with a card: Gemalto GemPC Pinpad 00 00
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7b746b0 (LWP 18820)]
0xb7eef748 in sc_pkcs15init_update_file (profile=0x805d9c8, p15card=0x805daa0,
file=0x805e4d0, data=0xbfffbc8f, datalen=128) at pkcs15-lib.c:3259
3259 if (selected_file->size < datalen) {
(gdb) bt
#0 0xb7eef748 in sc_pkcs15init_update_file (profile=0x805d9c8,
p15card=0x805daa0, file=0x805e4d0, data=0xbfffbc8f, datalen=128)
at pkcs15-lib.c:3259
#1 0xb7ef50ca in sc_pkcs15init_add_app (card=0x805d898, profile=0x805d9c8,
args=0xbfffc6f4) at pkcs15-lib.c:3671
#2 0x0804e331 in main (argc=Cannot access memory at address 0x11
) at pkcs15-init.c:721
(gdb) p selected_file
$1 = (struct sc_file *) 0x0
(gdb) p r
$2 = -1073759912
(gdb)
I have a crash because the APDU "00 A4 00 00 02 49 46 00" failed at
the PCSC layer (SCardTransmit() Card not transacted: 0x80100016).
So selected_file is then NULL but the code tries to access
selected_file->size. Crash!
The value of r, the returned value of sc_select_file(), is strange to me.
What should be the correct way to handle this case in the code?
Can you try the attached patch, please?
Side note: the SCardTransmit() failed because OpenSC tried a secure
verify pin that was rejected by the reader and the CCID driver has a
bug in that specific case with a T=1 card and a TPDU reader (now
corrected).
--
Viktor Tarasov <viktor.tara...@opentrust.com>
diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index e456504..7aa5670 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -3253,8 +3253,11 @@ sc_pkcs15init_update_file(struct sc_profile *profile,
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to create file");
r = sc_select_file(p15card->card, &file->path, &selected_file);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to select newly created file");
+ }
+ else {
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to select file");
- }
+ }
if (selected_file->size < datalen) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "File %s too small (require %u, have %u)",
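Review bot: the dereference in "if (selected_file->size < datalen)" is still protected only by the value of r, with no check of the pointer itself. The gdb session in the report shows selected_file == NULL at that line together with an r that the reporter calls strange, so the new SC_TEST_RET calls fix the crash only if sc_select_file() always returns a negative code whenever it leaves the out-pointer unset. An explicit NULL test on selected_file just before the size comparison, returning an error, would make the function safe regardless of what the select call reports. Two smaller points: the added "else {" pairs with an "if" whose condition is outside the hunk, so more leading context would let a reader confirm which path the "Failed to select file" check now covers, and the "- }" / "+ }" pair looks like a whitespace-only change that is better left out of a fix.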