From cc5a171ddcc8e49b2252135daac9ad3aa6d66ae7 Mon Sep 17 00:00:00 2001
From: Viktor Tarasov <viktor.tarasov@gmail.com>
Date: Tue, 25 Dec 2012 20:05:45 +0100
Subject: [PATCH] pkcs15: regression in e35febe: compute cert length

parse_x509_cert() reviewed.
Now certificate's DER data are allocated and the DER data length is determined in one place.

https://github.com/OpenSC/OpenSC/pull/114
https://github.com/OpenSC/OpenSC/commit/e35febe
---
 src/libopensc/pkcs15-cert.c | 37 +++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 18 deletions(-)

diff --git a/src/libopensc/pkcs15-cert.c b/src/libopensc/pkcs15-cert.c
index 86bea25..9b08aac 100644
--- a/src/libopensc/pkcs15-cert.c
+++ b/src/libopensc/pkcs15-cert.c
@@ -34,13 +34,13 @@
 #include "pkcs15.h"
 
 static int
-parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs15_cert *cert)
+parse_x509_cert(sc_context_t *ctx, struct sc_pkcs15_der *der, struct sc_pkcs15_cert *cert)
 {
 	int r;
 	struct sc_algorithm_id sig_alg;
-	struct sc_pkcs15_pubkey  * pubkey = NULL;
-	u8 *serial = NULL;
-	size_t serial_len = 0;
+	struct sc_pkcs15_pubkey *pubkey = NULL;
+	unsigned char *serial = NULL, *buf =  der->value;
+	size_t serial_len = 0, data_len = 0, buflen = der->len;
 	struct sc_asn1_entry asn1_version[] = {
 		{ "version", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, &cert->version, NULL },
 		{ NULL, 0, 0, 0, NULL, NULL }
@@ -87,30 +87,32 @@ parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs1
 	if (obj == NULL)
 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "X.509 certificate not found");
 
-	cert->data.len = objlen + (obj - buf);
+	data_len = objlen + (obj - buf);
+	cert->data.value = malloc(data_len);
+	if (!cert->data.value)
+		LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
+	memcpy(cert->data.value, buf, data_len);
+	cert->data.len = data_len;
+
 	r = sc_asn1_decode(ctx, asn1_cert, obj, objlen, NULL, NULL);
 	LOG_TEST_RET(ctx, r, "ASN.1 parsing of certificate failed");
 
 	cert->version++;
 
-	if (pubkey) {
-		cert->key = pubkey;
-		pubkey = NULL;
-	}
-	else {
+	if (!pubkey)
 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "Unable to decode subjectPublicKeyInfo from cert");
-	}
+	cert->key = pubkey;
+
 	sc_asn1_clear_algorithm_id(&sig_alg);
-	if (r < 0)
-		return r;
 
 	if (serial && serial_len)   {
 		sc_format_asn1_entry(asn1_serial_number + 0, serial, &serial_len, 1);
 		r = sc_asn1_encode(ctx, asn1_serial_number, &cert->serial, &cert->serial_len);
 		free(serial);
+		LOG_TEST_RET(ctx, r, "ASN.1 encoding of serial failed");
 	}
 
-	return r;
+	return SC_SUCCESS;
 }
 
 
@@ -125,7 +127,7 @@ sc_pkcs15_pubkey_from_cert(struct sc_context *ctx,
 	if (cert == NULL)
 		return SC_ERROR_OUT_OF_MEMORY;
 
-	rv = parse_x509_cert(ctx, cert_blob->value, cert_blob->len, cert);
+	rv = parse_x509_cert(ctx, cert_blob, cert);
 
 	*out = cert->key;
 	cert->key = NULL;
@@ -158,20 +160,19 @@ sc_pkcs15_read_certificate(struct sc_pkcs15_card *p15card, const struct sc_pkcs1
 		return SC_ERROR_OBJECT_NOT_FOUND;
 	}
 
-
 	cert = malloc(sizeof(struct sc_pkcs15_cert));
 	if (cert == NULL) {
 		free(der.value);
 		return SC_ERROR_OUT_OF_MEMORY;
 	}
 	memset(cert, 0, sizeof(struct sc_pkcs15_cert));
-	if (parse_x509_cert(p15card->card->ctx, der.value, der.len, cert)) {
+	if (parse_x509_cert(p15card->card->ctx, &der, cert)) {
 		free(der.value);
 		sc_pkcs15_free_certificate(cert);
 		return SC_ERROR_INVALID_ASN1_OBJECT;
 	}
+	free(der.value);
 
-	cert->data = der;
 	*cert_out = cert;
 	return SC_SUCCESS;
 }
-- 
1.8.1