scd: Fix possible NULL deref in apdu.c
author    Werner Koch <wk@gnupg.org>
          Sun, 15 Mar 2015 11:15:55 +0000 (12:15 +0100)
committer NIIBE Yutaka <gniibe@fsij.org>
          Wed, 15 Apr 2015 07:06:06 +0000 (16:06 +0900)
commit    b4ec909186d0150c835942754283ecc2bdf6e3e0
tree      54be10c230b363122d9c5d3855c44b477cb324e0
parent    067b6360be6733f6faf7a6438f61393fdb7a5fb3
scd: Fix possible NULL deref in apdu.c

* scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL.
(control_pcsc_wrapped): Ditto.
--

pcsc_vendor_specific_init calls the above with BUFFER and BUFLEN as
NULL.

Reported by Stack 0.3:

  bug: anti-dce
  model: |
    control_pcsc.exit77:
    %retval.0.i.i76 = phi i32 [ %rc.0.i.i.i73, \
            %pcsc_error_to_sw.exit.i.i74 ], [ 0, %if.end.i.i75 ]
    %tobool198 = icmp ne i32 %retval.0.i.i76, 0, !dbg !728
    br i1 %tobool198, label %if.then199, label %if.end200, !dbg !728
  stack:
    - /home/wk/s/gnupg/scd/apdu.c:1882:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/scd/apdu.c:1309:0
      - buffer overflow

(backported from 2.1 commit ef0a3abf7305133d071bf1a94a7f461082f9a9aa)
scd/apdu.c
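The defect class the commit message describes, an optional out-parameter pair (BUFFER, BUFLEN) that one caller passes as NULL/NULL while the callee dereferences BUFLEN unconditionally, is shown below in a self-contained C example. This is added illustration, not code from GnuPG's scd/apdu.c: the functions `control_unsafe`, `control_safe`, `probe_reader` and `read_status` are hypothetical stand-ins for the real `control_pcsc_direct`/`control_pcsc_wrapped` and their callers, and the two-byte "reader response" is constructed sample data rather than real PC/SC output.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample "reader response" (not real PC/SC data):
   a bare status word 0x9000 as a two-byte answer. */
static const unsigned char sample_response[] = { 0x90, 0x00 };

/* Status codes for the hypothetical functions below. */
enum { CTRL_OK = 0, CTRL_EINVAL = -1, CTRL_ETOOSMALL = -2 };

/* "Before" form of the defect: BUFFER and BUFLEN are dereferenced
   unconditionally, so a caller passing NULL for both crashes here.
   Kept only to show the contract violation; never call it with NULL. */
static int control_unsafe (const unsigned char *cmd, size_t cmdlen,
                           unsigned char *buffer, size_t *buflen)
{
  if (!cmd || !cmdlen)
    return CTRL_EINVAL;
  if (sizeof sample_response > *buflen)   /* NULL deref if buflen == NULL */
    return CTRL_ETOOSMALL;
  memcpy (buffer, sample_response, sizeof sample_response);
  *buflen = sizeof sample_response;
  return CTRL_OK;
}

/* "After" form: BUFFER/BUFLEN are optional out-parameters.  A caller
   that only wants the return code passes NULL for both and the response
   is discarded.  A BUFFER without a BUFLEN is rejected because the
   available size is unknown, which keeps the length check meaningful. */
static int control_safe (const unsigned char *cmd, size_t cmdlen,
                         unsigned char *buffer, size_t *buflen)
{
  if (!cmd || !cmdlen)
    return CTRL_EINVAL;
  if (buffer && !buflen)
    return CTRL_EINVAL;                   /* cannot know how much fits */
  if (!buffer)
    {
      if (buflen)
        *buflen = 0;                      /* nothing was stored */
      return CTRL_OK;                     /* response intentionally dropped */
    }
  if (sizeof sample_response > *buflen)
    {
      *buflen = sizeof sample_response;   /* tell the caller what it needs */
      return CTRL_ETOOSMALL;
    }
  memcpy (buffer, sample_response, sizeof sample_response);
  *buflen = sizeof sample_response;
  return CTRL_OK;
}

/* Caller in the style the commit message mentions: it probes the reader
   and does not care about the answer, so it passes (NULL, NULL). */
static int probe_reader (void)
{
  static const unsigned char cmd[] = { 0x00 };  /* constructed command */
  return control_safe (cmd, sizeof cmd, NULL, NULL);
}

/* Caller that wants the answer, using a caller-side buffer of BUFSIZE
   bytes (capped at 8).  Returns the stored length on success or the
   negative status code. */
static int read_status (size_t bufsize)
{
  unsigned char buf[8];
  size_t n = bufsize > sizeof buf ? sizeof buf : bufsize;
  static const unsigned char cmd[] = { 0x00 };
  int rc = control_safe (cmd, sizeof cmd, buf, &n);
  return rc == CTRL_OK ? (int) n : rc;
}

/* Same call through the "before" form, with valid pointers only. */
static int read_status_unsafe (size_t bufsize)
{
  unsigned char buf[8];
  size_t n = bufsize > sizeof buf ? sizeof buf : bufsize;
  static const unsigned char cmd[] = { 0x00 };
  int rc = control_unsafe (cmd, sizeof cmd, buf, &n);
  return rc == CTRL_OK ? (int) n : rc;
}

/* Misuse the hardened form rejects: a buffer with no length. */
static int demo_buffer_without_len (void)
{
  unsigned char buf[8];
  static const unsigned char cmd[] = { 0x00 };
  return control_safe (cmd, sizeof cmd, buf, NULL);
}

int main (void)
{
  return (probe_reader () == CTRL_OK && read_status (4) == 2) ? 0 : 1;
}
```

The pattern worth copying is the explicit contract: decide up front which out-parameters may be NULL, check them before the first dereference, and keep the length check on the path where a buffer is present. A static analyzer flagged the original because the compiler could otherwise treat the later NULL check as dead code once the pointer had already been dereferenced.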