libcacard issueshttps://gitlab.freedesktop.org/spice/libcacard/-/issues2023-09-14T04:11:56Zhttps://gitlab.freedesktop.org/spice/libcacard/-/issues/16test failures because of a global-buffer-overflow2023-09-14T04:11:56ZAgostino Sarubbotest failures because of a global-buffer-overflowOur [Gentoo Tinderbox](https://blogs.gentoo.org/ago/2020/07/04/gentoo-tinderbox/) reported a test failure at [bug 914042](https://bugs.gentoo.org/914042) (see attached build.log and test-suite.log) because of a global-buffer-overflow:
`...Our [Gentoo Tinderbox](https://blogs.gentoo.org/ago/2020/07/04/gentoo-tinderbox/) reported a test failure at [bug 914042](https://bugs.gentoo.org/914042) (see attached build.log and test-suite.log) because of a global-buffer-overflow:
```
# libcacard-DEBUG: vreader_xfr_bytes: CLS=0x80,INS=0x4c,P1=0x12,P2=0x0,Lc=2,Le=256 get acr
==223==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f72649214bc at pc 0x7f7264906fc8 bp 0x7ffe24ba0aa0 sp 0x7ffe24ba0a90
READ of size 4 at 0x7f72649214bc thread T0
#0 0x7f7264906fc7 in cac_aca_get_applet_acr_coid src/cac-aca.c:814
#1 0x7f7264906fc7 in cac_aca_get_applet_acr_response_simpletlv src/cac-aca.c:1170
#2 0x7f7264906fc7 in cac_aca_get_applet_acr_response src/cac-aca.c:1308
#3 0x7f7264900a29 in cac_applet_aca_process_apdu src/cac.c:657
#4 0x7f72649097c5 in vcard_process_apdu src/card_7816.c:787
#5 0x7f7264911e79 in vreader_xfr_bytes src/vreader.c:273
#6 0x555c67185d0c in get_acr tests/libcacard.c:354
#7 0x555c671883a4 in test_cac_aca tests/libcacard.c:516
#8 0x7f72648338ad (/usr/lib64/libglib-2.0.so.0+0x838ad)
#9 0x7f72648336a2 (/usr/lib64/libglib-2.0.so.0+0x836a2)
#10 0x7f7264833dc1 in g_test_run_suite (/usr/lib64/libglib-2.0.so.0+0x83dc1)
#11 0x7f7264833e47 in g_test_run (/usr/lib64/libglib-2.0.so.0+0x83e47)
#12 0x555c6706b951 in main tests/libcacard.c:1117
#13 0x7f7264423c89 (/lib64/libc.so.6+0x23c89)
#14 0x7f7264423d44 in __libc_start_main (/lib64/libc.so.6+0x23d44)
#15 0x555c6706bb20 in _start (/var/tmp/portage/app-emulation/libcacard-2.6.0/work/libcacard-2.6.0/tests/.libs/libcacard+0xeb20)
0x7f72649214bc is located 36 bytes before global variable 'service_table' defined in 'src/cac-aca.c:290:29' (0x7f72649214e0) of size 360
0x7f72649214bc is located 4 bytes after global variable 'applets_table' defined in 'src/cac-aca.c:447:20' (0x7f7264920200) of size 4792
SUMMARY: AddressSanitizer: global-buffer-overflow src/cac-aca.c:814 in cac_aca_get_applet_acr_coid
Shadow bytes around the buggy address:
0x7f7264921200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f7264921280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f7264921300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f7264921380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f7264921400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x7f7264921480: 00 00 00 00 00 00 00[f9]f9 f9 f9 f9 00 00 00 00
0x7f7264921500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f7264921580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f7264921600: 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9
0x7f7264921680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f7264921700: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==223==ABORTING
```
I didn't look deeply into the issue and I don't know if the bug is in the unittest itself or it is in the library involved in the test (and then possible security implications)
If I can help further, please let me know.https://gitlab.freedesktop.org/spice/libcacard/-/issues/15Failure in CI2023-06-12T11:21:58ZFrediano ZiglioFailure in CISometimes the `Fedora memcheck` job is failing. When this happens the job timeout. I saw the issue twice (first time I just restarted thinking it was a system issue)
In one report I found (not sure if it's related)
```
==6256== Thread 3...Sometimes the `Fedora memcheck` job is failing. When this happens the job timeout. I saw the issue twice (first time I just restarted thinking it was a system issue)
In one report I found (not sure if it's related)
```
==6256== Thread 3:
==6256== Conditional jump or move depends on uninitialised value(s)
==6256== at 0x4AB5B28: ??? (in /usr/lib64/libnss3.so)
==6256== by 0x4AB5E65: SECMOD_WaitForAnyTokenEvent (in /usr/lib64/libnss3.so)
==6256== by 0x4862D34: vcard_emul_event_thread (vcard_emul_nss.c:830)
==6256== by 0x4BF6412: ??? (in /usr/lib64/libnspr4.so)
==6256== by 0x4C9912C: start_thread (in /usr/lib64/libc.so.6)
==6256== by 0x4D19D73: clone (in /usr/lib64/libc.so.6)
==6256==
```https://gitlab.freedesktop.org/spice/libcacard/-/issues/1418908025 commit breaks xf86-video-qxl2023-06-08T09:57:59ZTomasz Kłoczko18908025 commit breaks xf86-video-qxlLooks like 18908025 commit breaks xf86-video-qxl
```console
[tkloczko@pers-jacek xf86-video-qxl-0.1.6]$ make
make all-recursive
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/xf86-video-qxl-0.1.6'
Making all in src
make[2]: ...Looks like 18908025 commit breaks xf86-video-qxl
```console
[tkloczko@pers-jacek xf86-video-qxl-0.1.6]$ make
make all-recursive
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/xf86-video-qxl-0.1.6'
Making all in src
make[2]: Entering directory '/home/tkloczko/rpmbuild/BUILD/xf86-video-qxl-0.1.6/src'
Making all in uxa
make[3]: Entering directory '/home/tkloczko/rpmbuild/BUILD/xf86-video-qxl-0.1.6/src/uxa'
make[3]: Nothing to be done for 'all'.
make[3]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/xf86-video-qxl-0.1.6/src/uxa'
Making all in spiceccid
make[3]: Entering directory '/home/tkloczko/rpmbuild/BUILD/xf86-video-qxl-0.1.6/src/spiceccid'
CC libspiceccid_la-spiceccid.lo
In file included from spiceccid.c:47:
/usr/include/cacard/vscard_common.h:26:10: fatal error: glib.h: No such file or directory
26 | #include <glib.h>
| ^~~~~~~~
compilation terminated.
make[3]: *** [Makefile:504: libspiceccid_la-spiceccid.lo] Error 1
make[3]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/xf86-video-qxl-0.1.6/src/spiceccid'
make[2]: *** [Makefile:990: all-recursive] Error 1
make[2]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/xf86-video-qxl-0.1.6/src'
make[1]: *** [Makefile:461: all-recursive] Error 1
make[1]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/xf86-video-qxl-0.1.6'
make: *** [Makefile:393: all] Error 2
```
From https://people.freedesktop.org/~dbn/pkg-config-guide.html
> Requires and Requires.private define other modules needed by the library. It is usually preferred to use the private variant of Requires to avoid exposing unnecessary libraries to the program that is linking with your library. If the program will not be using the symbols of the required library, it should not be linking directly to that library. See the discussion of overlinking for a more thorough explanation.
> Since pkg-config always exposes the link flags of the Requires libraries, these modules will become direct dependencies of the program. On the other hand, libraries from **Requires.private will only be included when static linking**. For this reason, it is usually only appropriate to add modules from the same package in Requires.https://gitlab.freedesktop.org/spice/libcacard/-/issues/132.8.1 release tarball on spice-space.org ?2021-08-19T08:36:35ZToolybird2.8.1 release tarball on spice-space.org ?Latest release tarball hasn't yet appeared on:
https://www.spice-space.org/download/libcacard/
Oversight or on purpose?
CheersLatest release tarball hasn't yet appeared on:
https://www.spice-space.org/download/libcacard/
Oversight or on purpose?
Cheershttps://gitlab.freedesktop.org/spice/libcacard/-/issues/12Native TLS/SSL TCP connection instead of ssh/port forwarding2022-06-22T17:38:13ZVincent JARDINNative TLS/SSL TCP connection instead of ssh/port forwardingHi,
instead of ssh/port forwarding, I plan to add the support for some secured TCP sockets for vscclient. I do not have any background about this project. Would you accept a pull request of such feature once it'll become available ? Whi...Hi,
instead of ssh/port forwarding, I plan to add the support for some secured TCP sockets for vscclient. I do not have any background about this project. Would you accept a pull request of such feature once it'll become available ? Which CI framework should be extended in order to include some tests with a secured TCP socket ?
thank you,https://gitlab.freedesktop.org/spice/libcacard/-/issues/11tests/meson.build: unknown variable softhsm2021-01-22T08:37:54ZMichael Tokarevtests/meson.build: unknown variable softhsmWhen building with meson and at least one of hwtests dependencies is not found, meson complains at configure time with message like in the title, about the hwtests block which has depends: [softhsm].
I don't know meson build system yet, ...When building with meson and at least one of hwtests dependencies is not found, meson complains at configure time with message like in the title, about the hwtests block which has depends: [softhsm].
I don't know meson build system yet, but at least one possible solution is to move the block starting at "if pkcs11_tool_dep.found().." at the end and put hwtests block within the if block.https://gitlab.freedesktop.org/spice/libcacard/-/issues/10x86_64 Testsuite ERROR libcacard 2.7.02021-01-04T16:39:08Zsanmanx86_64 Testsuite ERROR libcacard 2.7.0Hi Team,
I get an error in libcacard 2.7.0 when make check, the details are as follows:
```
[ 447s] make check-TESTS
[ 447s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/libcacard-2.7.0'
[ 447s] make[4]: Entering direct...Hi Team,
I get an error in libcacard 2.7.0 when make check, the details are as follows:
```
[ 447s] make check-TESTS
[ 447s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/libcacard-2.7.0'
[ 447s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/libcacard-2.7.0'
[ 447s] PASS: tests/libcacard 1 /libcacard/hexdump
[ 447s] PASS: tests/libcacard 2 /libcacard/list
[ 447s] PASS: tests/libcacard 3 /libcacard/card-remove-insert
[ 447s] PASS: tests/libcacard 4 /libcacard/xfer
[ 447s] PASS: tests/libcacard 5 /libcacard/select-coid
[ 447s] PASS: tests/libcacard 6 /libcacard/cac-pki
[ 447s] PASS: tests/libcacard 7 /libcacard/cac-ccc
[ 447s] PASS: tests/libcacard 8 /libcacard/cac-aca
[ 447s] PASS: tests/libcacard 9 /libcacard/get-response
[ 447s] PASS: tests/libcacard 10 /libcacard/check-login-count
[ 447s] PASS: tests/libcacard 11 /libcacard/login
[ 447s] PASS: tests/libcacard 12 /libcacard/sign
[ 447s] PASS: tests/libcacard 13 /libcacard/empty-applets
[ 447s] PASS: tests/libcacard 14 /libcacard/gp-applet
[ 447s] PASS: tests/libcacard 15 /libcacard/msft-applet
[ 447s] PASS: tests/libcacard 16 /libcacard/invalid-properties-apdu
[ 447s] PASS: tests/libcacard 17 /libcacard/invalid-select-apdu
[ 447s] PASS: tests/libcacard 18 /libcacard/invalid-instruction
[ 447s] PASS: tests/libcacard 19 /libcacard/invalid-read-buffer
[ 447s] PASS: tests/libcacard 20 /libcacard/invalid-acr
[ 447s] PASS: tests/libcacard 21 /libcacard/get-atr
[ 447s] PASS: tests/libcacard 22 /libcacard/passthrough-applet
[ 447s] PASS: tests/libcacard 23 /libcacard/remove
[ 447s] PASS: tests/simpletlv 1 /simpletlv/length/simple
[ 447s] PASS: tests/simpletlv 2 /simpletlv/length/nested
[ 447s] PASS: tests/simpletlv 3 /simpletlv/length/skipped
[ 447s] PASS: tests/simpletlv 4 /simpletlv/encode/simple
[ 447s] PASS: tests/simpletlv 5 /simpletlv/encode/nested
[ 447s] PASS: tests/simpletlv 6 /simpletlv/encode/skipped
[ 447s] PASS: tests/simpletlv 7 /simpletlv/parse/simple
[ 447s] PASS: tests/simpletlv 8 /simpletlv/parse/last_bad
[ 447s] PASS: tests/simpletlv 9 /simpletlv/clone/simple
[ 447s] PASS: tests/hwtests 1 /hw-tests/list
[ 447s] PASS: tests/hwtests 2 /hw-tests/passthrough-applet
[ 447s] PASS: tests/hwtests 3 /hw-tests/check-login-count
[ 447s] PASS: tests/hwtests 4 /hw-tests/msft-applet
[ 447s] PASS: tests/hwtests 5 /hw-tests/gp-applet
[ 447s] PASS: tests/hwtests 6 /hw-tests/login
[ 447s] PASS: tests/hwtests 7 /hw-tests/sign
[ 447s] PASS: tests/hwtests 8 /hw-tests/sign-bad-data
[ 447s] PASS: tests/hwtests 9 /hw-tests/empty-applets
[ 447s] PASS: tests/hwtests 10 /hw-tests/get-response
[ 447s] PASS: tests/hwtests 11 /hw-tests/sign-logout-sign
[ 447s] ERROR: tests/hwtests - exited with status 139 (terminated by signal 11?)
[ 447s] ============================================================================
[ 447s] Testsuite summary for libcacard 2.7.0
[ 447s] ============================================================================
[ 447s] # TOTAL: 44
[ 447s] # PASS: 43
[ 447s] # SKIP: 0
[ 447s] # XFAIL: 0
[ 447s] # FAIL: 0
[ 447s] # XPASS: 0
[ 447s] # ERROR: 1
[ 447s] ============================================================================
[ 447s] See ./test-suite.log
[ 447s] Please report to spice-devel@lists.freedesktop.org
[ 447s] ============================================================================
[ 447s] make[4]: *** [Makefile:1498: test-suite.log] Error 1
[ 447s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/libcacard-2.7.0'
[ 447s] make[3]: *** [Makefile:1606: check-TESTS] Error 2
[ 447s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/libcacard-2.7.0'
[ 447s] make[2]: *** [Makefile:1854: check-am] Error 2
[ 447s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/libcacard-2.7.0'
[ 447s] make[1]: *** [Makefile:1383: check-recursive] Error 1
[ 447s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/libcacard-2.7.0'
[ 447s] make: *** [Makefile:1857: check] Error 2
[ 447s] error: Bad exit status from /var/tmp/rpm-tmp.FndeHx (%check)
[ 447s]
[ 447s]
[ 447s] RPM build errors:
[ 447s] Bad exit status from /var/tmp/rpm-tmp.FndeHx (%check)
[ 447s]
[ 447s] ecs-obsworker-206 failed "build libcacard.spec" at Wed Aug 19 12:03:52 UTC 2020.
[ 447s]
```
details of ./test-suite.log are as follows:
![testsuit-log](/uploads/261a1457c3a8100f5c02ddcf0d5208f0/testsuit-log.PNG)
details ./build_aux/tap-test are as follows:
![build-aux_tap-test](/uploads/2a7c073cc8db562aa801bf625231f37b/build-aux_tap-test.PNG)
I get a very similar error when google that as follows:
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2017-6414#c16
I can't deal with this problem so far, Please help me. (o:https://gitlab.freedesktop.org/spice/libcacard/-/issues/9libcacard-CRITICAL debug message2021-01-04T16:39:08ZRadek Dudalibcacard-CRITICAL debug messageI found critical debug message in a log of `remote-viewer`:
```
(remote-viewer:93506): libcacard-CRITICAL **: 16:51:59.273: file src/vreader.c: line 86 (apdu_ins_to_string): should not be reached
```
@jjelen told me this is just an old...I found critical debug message in a log of `remote-viewer`:
```
(remote-viewer:93506): libcacard-CRITICAL **: 16:51:59.273: file src/vreader.c: line 86 (apdu_ins_to_string): should not be reached
```
@jjelen told me this is just an old debug message, which should be removed and thus not confuse users any more.https://gitlab.freedesktop.org/spice/libcacard/-/issues/82.7.0: test suite freezes2021-01-04T16:39:08ZTomasz Kłoczko2.7.0: test suite freezes```
+ /usr/bin/make -O -j48 V=1 VERBOSE=1 check -j1
/usr/bin/make check-recursive
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/libcacard-2.7.0'
Making check in src
make[2]: Entering directory '/home/tkloczko/rpmbuild/BUILD...```
+ /usr/bin/make -O -j48 V=1 VERBOSE=1 check -j1
/usr/bin/make check-recursive
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/libcacard-2.7.0'
Making check in src
make[2]: Entering directory '/home/tkloczko/rpmbuild/BUILD/libcacard-2.7.0/src'
make[2]: Nothing to be done for 'check'.
make[2]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/libcacard-2.7.0/src'
make[2]: Entering directory '/home/tkloczko/rpmbuild/BUILD/libcacard-2.7.0'
/usr/bin/make tests/libcacard tests/simpletlv tests/hwtests \
make[3]: Entering directory '/home/tkloczko/rpmbuild/BUILD/libcacard-2.7.0'
gcc -DHAVE_CONFIG_H -I. -DG_LOG_DOMAIN=\"libcacard\" -DLIBCACARD_COMPILATION -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/nss3 -I/usr/include/nspr4 -I/usr/include/PCSC -pthread -fno-strict-aliasing -Wnested-externs -Wmissing-prototypes -Wstrict-prototypes -Wdeclaration-after-statement -Wimplicit-function-declaration -Wold-style-definition -Wjump-misses-init -Wall -Wextra -Wundef -Wwrite-strings -Wpointer-arith -Wmissing-declarations -Wredundant-decls -Wno-unused-parameter -Wno-missing-field-initializers -Wformat=2 -Wcast-align -Wformat-nonliteral -Wformat-security -Wsign-compare -Wstrict-aliasing -Wshadow -Winline -Wpacked -Wmissing-format-attribute -Wmissing-noreturn -Winit-self -Wmissing-include-dirs -Wunused-but-set-variable -Warray-bounds -Wreturn-type -Wswitch-enum -Wswitch-default -Wduplicated-cond -Wduplicated-branches -Wlogical-op -Wrestrict -Wnull-dereference -Wdouble-promotion -Wno-error=unused-parameter -Wno-error=missing-field-initializers -I./src -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -flto=auto -flto-partition=none -c -o tests/common.o tests/common.c
gcc -DHAVE_CONFIG_H -I. -DG_LOG_DOMAIN=\"libcacard\" -DLIBCACARD_COMPILATION -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/nss3 -I/usr/include/nspr4 -I/usr/include/PCSC -pthread -fno-strict-aliasing -Wnested-externs -Wmissing-prototypes -Wstrict-prototypes -Wdeclaration-after-statement -Wimplicit-function-declaration -Wold-style-definition -Wjump-misses-init -Wall -Wextra -Wundef -Wwrite-strings -Wpointer-arith -Wmissing-declarations -Wredundant-decls -Wno-unused-parameter -Wno-missing-field-initializers -Wformat=2 -Wcast-align -Wformat-nonliteral -Wformat-security -Wsign-compare -Wstrict-aliasing -Wshadow -Winline -Wpacked -Wmissing-format-attribute -Wmissing-noreturn -Winit-self -Wmissing-include-dirs -Wunused-but-set-variable -Warray-bounds -Wreturn-type -Wswitch-enum -Wswitch-default -Wduplicated-cond -Wduplicated-branches -Wlogical-op -Wrestrict -Wnull-dereference -Wdouble-promotion -Wno-error=unused-parameter -Wno-error=missing-field-initializers -I./src -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -flto=auto -flto-partition=none -c -o tests/libcacard.o tests/libcacard.c
/bin/sh ./libtool --tag=CC --mode=link gcc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -flto=auto -flto-partition=none -Wl,--no-as-needed -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -flto=auto -flto-partition=none -fuse-linker-plugin -o tests/libcacard tests/common.o tests/libcacard.o libcacard.la src/common.lo src/simpletlv.lo
libtool: link: gcc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -flto=auto -flto-partition=none -Wl,--no-as-needed -Wl,-z -Wl,relro -Wl,--as-needed -Wl,-z -Wl,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -flto=auto -flto-partition=none -fuse-linker-plugin -o tests/.libs/libcacard tests/common.o tests/libcacard.o src/.libs/common.o src/.libs/simpletlv.o ./.libs/libcacard.so -lglib-2.0 -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpcsclite
gcc -DHAVE_CONFIG_H -I. -DG_LOG_DOMAIN=\"libcacard\" -DLIBCACARD_COMPILATION -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/nss3 -I/usr/include/nspr4 -I/usr/include/PCSC -pthread -fno-strict-aliasing -Wnested-externs -Wmissing-prototypes -Wstrict-prototypes -Wdeclaration-after-statement -Wimplicit-function-declaration -Wold-style-definition -Wjump-misses-init -Wall -Wextra -Wundef -Wwrite-strings -Wpointer-arith -Wmissing-declarations -Wredundant-decls -Wno-unused-parameter -Wno-missing-field-initializers -Wformat=2 -Wcast-align -Wformat-nonliteral -Wformat-security -Wsign-compare -Wstrict-aliasing -Wshadow -Winline -Wpacked -Wmissing-format-attribute -Wmissing-noreturn -Winit-self -Wmissing-include-dirs -Wunused-but-set-variable -Warray-bounds -Wreturn-type -Wswitch-enum -Wswitch-default -Wduplicated-cond -Wduplicated-branches -Wlogical-op -Wrestrict -Wnull-dereference -Wdouble-promotion -Wno-error=unused-parameter -Wno-error=missing-field-initializers -I./src -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -flto=auto -flto-partition=none -c -o tests/simpletlv.o tests/simpletlv.c
/bin/sh ./libtool --tag=CC --mode=link gcc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -flto=auto -flto-partition=none -Wl,--no-as-needed -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -flto=auto -flto-partition=none -fuse-linker-plugin -o tests/simpletlv tests/simpletlv.o libcacard.la src/common.lo src/simpletlv.lo
libtool: link: gcc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -flto=auto -flto-partition=none -Wl,--no-as-needed -Wl,-z -Wl,relro -Wl,--as-needed -Wl,-z -Wl,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -flto=auto -flto-partition=none -fuse-linker-plugin -o tests/.libs/simpletlv tests/simpletlv.o src/.libs/common.o src/.libs/simpletlv.o ./.libs/libcacard.so -lglib-2.0 -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpcsclite
gcc -DHAVE_CONFIG_H -I. -DG_LOG_DOMAIN=\"libcacard\" -DLIBCACARD_COMPILATION -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/nss3 -I/usr/include/nspr4 -I/usr/include/PCSC -pthread -fno-strict-aliasing -Wnested-externs -Wmissing-prototypes -Wstrict-prototypes -Wdeclaration-after-statement -Wimplicit-function-declaration -Wold-style-definition -Wjump-misses-init -Wall -Wextra -Wundef -Wwrite-strings -Wpointer-arith -Wmissing-declarations -Wredundant-decls -Wno-unused-parameter -Wno-missing-field-initializers -Wformat=2 -Wcast-align -Wformat-nonliteral -Wformat-security -Wsign-compare -Wstrict-aliasing -Wshadow -Winline -Wpacked -Wmissing-format-attribute -Wmissing-noreturn -Winit-self -Wmissing-include-dirs -Wunused-but-set-variable -Warray-bounds -Wreturn-type -Wswitch-enum -Wswitch-default -Wduplicated-cond -Wduplicated-branches -Wlogical-op -Wrestrict -Wnull-dereference -Wdouble-promotion -Wno-error=unused-parameter -Wno-error=missing-field-initializers -I./src -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -flto=auto -flto-partition=none -c -o tests/hwtests.o tests/hwtests.c
(cd tests/ && /home/tkloczko/rpmbuild/BUILD/libcacard-2.7.0/tests/setup-softhsm2.sh)
The token has been initialized and is reassigned to slot 1395544715
Using slot 0 with a present token (0x532e528b)
Key pair generated:
Private Key Object; RSA
label: RSA_auth
ID: 01
Usage: decrypt, sign, unwrap
Access: sensitive, always sensitive, never extractable, local
Public Key Object; RSA 1024 bits
label: RSA_auth
ID: 01
Usage: encrypt, verify, wrap
Access: local
Generating a self signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 42f5845207585f6cfd058f7fdcb03a86e0869c3b
Validity:
Not Before: Fri Mar 06 13:23:16 UTC 2020
Not After: Sat Mar 06 13:23:16 UTC 2021
Subject: O=OpenSC
Subject Public Key Algorithm: RSA
Algorithm Security Level: Low (1024 bits)
Modulus (bits 1024):
00:c2:16:6b:5d:7b:6d:c1:8d:f1:19:56:01:82:0f:e1
d8:0f:86:ba:0d:34:d8:b2:a5:a5:99:ea:f8:0e:8c:95
d8:01:1c:ff:06:1f:4d:43:db:8a:98:4d:6e:9b:9a:a5
ea:3f:58:b2:2f:a5:c9:38:48:3f:d0:38:30:d3:c2:23
07:87:b0:a2:89:07:6c:3d:a9:32:c5:c8:3d:81:fa:bb
ec:98:38:3f:1f:6f:d1:7d:bb:97:84:1f:20:8c:19:0e
c9:d1:1e:5b:47:5d:be:63:c7:67:24:de:f4:9a:d6:f2
37:a5:42:0d:c4:a4:6e:3d:f3:fd:81:59:93:1c:a6:fb
99
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: none@example.org
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Key Identifier (not critical):
40b83ecb0085a6b8fd621c686f973bbb4dc1810f
Other Information:
Public Key ID:
sha1:40b83ecb0085a6b8fd621c686f973bbb4dc1810f
sha256:b007d25fcf37ed0f5fff19233bfcc999ed71381f8fc39329d5d6125fae2f59c3
Public Key PIN:
pin-sha256:sAfSX8837Q9f/xkjO/zJme1xOB+Pw5Mp1dYSX64vWcM=
Signing certificate...
Using slot 0 with a present token (0x532e528b)
Created certificate:
Certificate Object; type = X.509 cert
label: RSA_auth
subject: DN: O=OpenSC
ID: 01
Object 0:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5da78a23532e528b;token=SC%20test;id=%01;object=RSA_auth;type=public
Type: Public key (RSA-1024)
Label: RSA_auth
Flags: CKA_WRAP/UNWRAP;
ID: 01
Object 1:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5da78a23532e528b;token=SC%20test;id=%01;object=RSA_auth;type=private
Type: Private key (RSA-1024)
Label: RSA_auth
Flags: CKA_WRAP/UNWRAP; CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE;
ID: 01
Object 2:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5da78a23532e528b;token=SC%20test;id=%01;object=RSA_auth;type=cert
Type: X.509 Certificate (RSA-1024)
Expires: Sat Mar 6 13:23:16 2021
Label: RSA_auth
ID: 01
Using slot 0 with a present token (0x532e528b)
Key pair generated:
Private Key Object; RSA
label: RSA_sign
ID: 02
Usage: decrypt, sign, unwrap
Access: sensitive, always sensitive, never extractable, local
Public Key Object; RSA 1024 bits
label: RSA_sign
ID: 02
Usage: encrypt, verify, wrap
Access: local
Generating a self signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 42d8e3aaf7284b08f3439c551123463b872ab8f1
Validity:
Not Before: Fri Mar 06 13:23:16 UTC 2020
Not After: Sat Mar 06 13:23:16 UTC 2021
Subject: O=OpenSC
Subject Public Key Algorithm: RSA
Algorithm Security Level: Low (1024 bits)
Modulus (bits 1024):
00:b5:aa:2a:72:53:2b:1e:76:dc:ed:e8:64:5b:67:6f
be:39:8d:8b:c0:2b:e0:96:7e:30:91:a4:2a:4d:38:30
8d:87:1c:58:80:3c:12:76:11:f3:7a:25:6b:46:93:b3
79:d4:a8:04:ed:6a:56:2b:9d:c4:42:81:65:af:9e:11
f5:5c:13:b9:57:6c:c3:17:fa:e8:c7:fe:a4:74:64:b6
55:ed:b6:89:38:72:8e:ac:fd:14:87:2e:97:ff:db:88
5e:96:09:02:34:6f:2b:e2:1c:85:a8:9b:a7:e2:df:d7
5e:e1:44:37:b8:db:b3:d9:c9:38:d9:1d:3b:36:1d:01
b5
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: none@example.org
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Key Identifier (not critical):
93bc722ccbecd668a41abf3dce67c65a7d69253e
Other Information:
Public Key ID:
sha1:93bc722ccbecd668a41abf3dce67c65a7d69253e
sha256:b7450d69e48f72f507026edef471f6428185067faf14732f4fc62018b75d3a08
Public Key PIN:
pin-sha256:t0UNaeSPcvUHAm7e9HH2QoGFBn+vFHMvT8YgGLddOgg=
Signing certificate...
Using slot 0 with a present token (0x532e528b)
Created certificate:
Certificate Object; type = X.509 cert
label: RSA_sign
subject: DN: O=OpenSC
ID: 02
Object 0:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5da78a23532e528b;token=SC%20test;id=%02;object=RSA_sign;type=public
Type: Public key (RSA-1024)
Label: RSA_sign
Flags: CKA_WRAP/UNWRAP;
ID: 02
Object 1:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5da78a23532e528b;token=SC%20test;id=%01;object=RSA_auth;type=public
Type: Public key (RSA-1024)
Label: RSA_auth
Flags: CKA_WRAP/UNWRAP;
ID: 01
Object 2:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5da78a23532e528b;token=SC%20test;id=%01;object=RSA_auth;type=private
Type: Private key (RSA-1024)
Label: RSA_auth
Flags: CKA_WRAP/UNWRAP; CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE;
ID: 01
Object 3:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5da78a23532e528b;token=SC%20test;id=%02;object=RSA_sign;type=cert
Type: X.509 Certificate (RSA-1024)
Expires: Sat Mar 6 13:23:16 2021
Label: RSA_sign
ID: 02
Object 4:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5da78a23532e528b;token=SC%20test;id=%01;object=RSA_auth;type=cert
Type: X.509 Certificate (RSA-1024)
Expires: Sat Mar 6 13:23:16 2021
Label: RSA_auth
ID: 01
Object 5:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5da78a23532e528b;token=SC%20test;id=%02;object=RSA_sign;type=private
Type: Private key (RSA-1024)
Label: RSA_sign
Flags: CKA_WRAP/UNWRAP; CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE;
ID: 02
library name: p11-kit-proxy.so
/bin/sh ./libtool --tag=CC --mode=link gcc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -flto=auto -flto-partition=none -Wl,--no-as-needed -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -flto=auto -flto-partition=none -fuse-linker-plugin -o tests/hwtests tests/common.o tests/hwtests.o libcacard.la src/common.lo src/simpletlv.lo
libtool: link: gcc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -flto=auto -flto-partition=none -Wl,--no-as-needed -Wl,-z -Wl,relro -Wl,--as-needed -Wl,-z -Wl,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -flto=auto -flto-partition=none -fuse-linker-plugin -o tests/.libs/hwtests tests/common.o tests/hwtests.o src/.libs/common.o src/.libs/simpletlv.o ./.libs/libcacard.so -lglib-2.0 -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpcsclite
make[3]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/libcacard-2.7.0'
/usr/bin/make check-TESTS
make[3]: Entering directory '/home/tkloczko/rpmbuild/BUILD/libcacard-2.7.0'
make[4]: Entering directory '/home/tkloczko/rpmbuild/BUILD/libcacard-2.7.0'
PASS: tests/libcacard 1 /libcacard/hexdump
PASS: tests/libcacard 2 /libcacard/list
PASS: tests/libcacard 3 /libcacard/card-remove-insert
PASS: tests/libcacard 4 /libcacard/xfer
PASS: tests/libcacard 5 /libcacard/select-coid
PASS: tests/libcacard 6 /libcacard/cac-pki
PASS: tests/libcacard 7 /libcacard/cac-ccc
PASS: tests/libcacard 8 /libcacard/cac-aca
PASS: tests/libcacard 9 /libcacard/get-response
PASS: tests/libcacard 10 /libcacard/check-login-count
PASS: tests/libcacard 11 /libcacard/login
PASS: tests/libcacard 12 /libcacard/sign
PASS: tests/libcacard 13 /libcacard/empty-applets
PASS: tests/libcacard 14 /libcacard/gp-applet
PASS: tests/libcacard 15 /libcacard/msft-applet
PASS: tests/libcacard 16 /libcacard/invalid-properties-apdu
PASS: tests/libcacard 17 /libcacard/invalid-select-apdu
PASS: tests/libcacard 18 /libcacard/invalid-instruction
PASS: tests/libcacard 19 /libcacard/invalid-read-buffer
PASS: tests/libcacard 20 /libcacard/invalid-acr
PASS: tests/libcacard 21 /libcacard/get-atr
PASS: tests/libcacard 22 /libcacard/passthrough-applet
PASS: tests/libcacard 23 /libcacard/remove
```
and here it stops.
List of processes:
```
tkloczko 2786344 0.0 0.0 220896 2596 pts/5 S+ 14:11 0:00 \_ make check
tkloczko 2786345 0.0 0.0 220892 2608 pts/5 S+ 14:11 0:00 \_ make check-recursive
tkloczko 2786346 0.1 0.0 221928 3664 pts/5 S+ 14:11 0:00 \_ /bin/sh -c fail=; \ if (target_option=k; case ${target_option-} in ?) ;; *) echo "am__make_running_with_o
tkloczko 2786353 0.0 0.0 220892 2676 pts/5 S+ 14:11 0:00 \_ make check-am
tkloczko 2786357 0.0 0.0 220892 2700 pts/5 S+ 14:11 0:00 \_ make check-TESTS
tkloczko 2786363 0.1 0.0 221792 3316 pts/5 S+ 14:11 0:00 \_ /bin/sh -c set +e; bases='tests/libcacard.log tests/simpletlv.log tests/hwtests.log'; bases=`
tkloczko 2786372 0.0 0.0 220892 2672 pts/5 S+ 14:11 0:00 \_ make test-suite.log TEST_LOGS=tests/libcacard.log tests/simpletlv.log tests/hwtests.log
tkloczko 2786373 0.0 0.0 221796 3296 pts/5 S+ 14:11 0:00 \_ /bin/sh -c p='tests/libcacard'; \ b='tests/libcacard'; \ case $- in *e*) set +e;; esa
tkloczko 2786380 0.1 0.0 221928 3416 pts/5 S+ 14:11 0:00 \_ /bin/sh ./build-aux/tap-driver.sh --test-name tests/libcacard --log-file tests/li
tkloczko 2786381 0.0 0.0 221928 1788 pts/5 S+ 14:11 0:00 \_ /bin/sh ./build-aux/tap-driver.sh --test-name tests/libcacard --log-file test
tkloczko 2786383 0.0 0.0 221792 3232 pts/5 S+ 14:11 0:00 | \_ /bin/sh ./build-aux/tap-test ./tests/libcacard
tkloczko 2786384 98.5 0.0 28404 12640 pts/5 R+ 14:11 0:05 | \_ /home/tkloczko/rpmbuild/BUILD/libcacard-2.7.0/tests/.libs/lt-libcacar
tkloczko 2786382 0.3 0.0 5996 3332 pts/5 S+ 14:11 0:00 \_ gawk -v me=tap-driver.sh -v test_script_name=tests/libcacard -v log_file=test
tkloczko 2786399 0.0 0.0 3784 2976 pts/5 S+ 14:11 0:00 \_ sh -c cat >&3
tkloczko 2786400 0.1 0.0 2484 584 pts/5 S+ 14:11 0:00 \_ cat
```https://gitlab.freedesktop.org/spice/libcacard/-/issues/7Any plans to make new release?2021-01-04T16:39:08ZTomasz KłoczkoAny plans to make new release?I think that it would be good to flush currently committed changes and make new release :)I think that it would be good to flush currently committed changes and make new release :)https://gitlab.freedesktop.org/spice/libcacard/-/issues/6RFE: Emulate different and more common card type2021-01-04T16:39:08ZJakub JelenRFE: Emulate different and more common card typelibcacard historically implemented CACv1 smart cards interface, which was very simple. It was recently changed to CACv2, which is more complicated but it is a bit better supported by other middleware, but still quite restricted to the Do...libcacard historically implemented CACv1 smart cards interface, which was very simple. It was recently changed to CACv2, which is more complicated but it is a bit better supported by other middleware, but still quite restricted to the DoD domain.
Implementing PIV smart card interface, should give us better compatibility with even more middleware applications as the PIV is no longer "only" US Government standard, but also implemented by many token manufacturers. The question is, whether the library should be still called libCACard after implementing this feature and whether there should be possibility to chose between these two or it should completely replace the CAC implementation.https://gitlab.freedesktop.org/spice/libcacard/-/issues/5RFE: Do not depend on NSS library2021-01-04T16:39:08ZTomasz KłoczkoRFE: Do not depend on NSS libraryOn my system libcacard is one of only few packages which is not possible to build against other than nss encryption library.
Do you have any plans to port that part of the code to openssl?On my system libcacard is one of only few packages which is not possible to build against other than nss encryption library.
Do you have any plans to port that part of the code to openssl?https://gitlab.freedesktop.org/spice/libcacard/-/issues/4clang warnings from coverity2021-01-04T16:39:08ZJakub Jelenclang warnings from coverityCoverity reported the following error using clang analyzers:
```
1. libcacard-2.7.0/src/simpletlv.c:122:17: warning: Null pointer passed as an argument to a 'nonnull' parameter
# memcpy(p, tlv[i].value.value, tlv[i].lengt...Coverity reported the following error using clang analyzers:
```
1. libcacard-2.7.0/src/simpletlv.c:122:17: warning: Null pointer passed as an argument to a 'nonnull' parameter
# memcpy(p, tlv[i].value.value, tlv[i].length);
# ^
4. libcacard-2.7.0/src/simpletlv.c:166:12: note: Calling 'simpletlv_encode_internal'
# return simpletlv_encode_internal(tlv, tlv_len, out, outlen, newptr,
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7. libcacard-2.7.0/src/simpletlv.c:80:55: note: 'newp' initialized to a null pointer value
# unsigned char *tmp = NULL, *a = NULL, *p = NULL, *newp = NULL;
# ^~~~
10. libcacard-2.7.0/src/simpletlv.c:85:9: note: Assuming 'expect_len' is > 0
# if (expect_len <= 0)
# ^~~~~~~~~~~~~~~
13. libcacard-2.7.0/src/simpletlv.c:85:5: note: Taking false branch
# if (expect_len <= 0)
# ^
16. libcacard-2.7.0/src/simpletlv.c:88:9: note: Assuming 'outlen' is not equal to 0
# if (outlen == 0 && out != NULL) {
# ^~~~~~~~~~~
19. libcacard-2.7.0/src/simpletlv.c:88:21: note: Left side of '&&' is false
# if (outlen == 0 && out != NULL) {
# ^
22. libcacard-2.7.0/src/simpletlv.c:93:16: note: Assuming 'outlen' is >= 'expect_len'
# } else if ((int)outlen >= expect_len && out != NULL) {
# ^~~~~~~~~~~~~~~~~~~~~~~~~
25. libcacard-2.7.0/src/simpletlv.c:93:16: note: Left side of '&&' is true
26. libcacard-2.7.0/src/simpletlv.c:93:45: note: Assuming 'out' is not equal to NULL
# } else if ((int)outlen >= expect_len && out != NULL) {
# ^~~~~~~~~~~
29. libcacard-2.7.0/src/simpletlv.c:93:12: note: Taking true branch
# } else if ((int)outlen >= expect_len && out != NULL) {
# ^
32. libcacard-2.7.0/src/simpletlv.c:102:5: note: Loop condition is true. Entering loop body
# for (i = 0; i < tlv_len; i++) {
# ^
35. libcacard-2.7.0/src/simpletlv.c:106:9: note: Taking false branch
# if (tlv[i].type == SIMPLETLV_TYPE_NONE)
# ^
38. libcacard-2.7.0/src/simpletlv.c:109:9: note: Taking false branch
# if (tlv[i].type == SIMPLETLV_TYPE_COMPOUND) {
# ^
41. libcacard-2.7.0/src/simpletlv.c:113:9: note: Taking false branch
# if (buffer_type & SIMPLETLV_TL) {
# ^
44. libcacard-2.7.0/src/simpletlv.c:120:9: note: Taking true branch
# if (buffer_type & SIMPLETLV_VALUE) {
# ^
47. libcacard-2.7.0/src/simpletlv.c:121:17: note: Assuming the condition is false
# if (tlv[i].type == SIMPLETLV_TYPE_LEAF) {
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
50. libcacard-2.7.0/src/simpletlv.c:121:13: note: Taking false branch
# if (tlv[i].type == SIMPLETLV_TYPE_LEAF) {
# ^
53. libcacard-2.7.0/src/simpletlv.c:126:22: note: Calling 'simpletlv_encode_internal'
# rv = simpletlv_encode_internal(tlv[i].value.child,
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
56. libcacard-2.7.0/src/simpletlv.c:85:5: note: Taking true branch
# if (expect_len <= 0)
# ^
59. libcacard-2.7.0/src/simpletlv.c:86:9: note: Returning without writing to '*newptr'
# return expect_len;
# ^
62. libcacard-2.7.0/src/simpletlv.c:86:9: note: Returning without writing to '*out'
63. libcacard-2.7.0/src/simpletlv.c:126:22: note: Returning from 'simpletlv_encode_internal'
# rv = simpletlv_encode_internal(tlv[i].value.child,
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
66. libcacard-2.7.0/src/simpletlv.c:128:17: note: Taking false branch
# if (rv < 0)
# ^
69. libcacard-2.7.0/src/simpletlv.c:130:17: note: Null pointer value stored to 'p'
# p = newp;
# ^~~~~~~~
72. libcacard-2.7.0/src/simpletlv.c:102:5: note: Loop condition is true. Entering loop body
# for (i = 0; i < tlv_len; i++) {
# ^
75. libcacard-2.7.0/src/simpletlv.c:106:9: note: Taking false branch
# if (tlv[i].type == SIMPLETLV_TYPE_NONE)
# ^
78. libcacard-2.7.0/src/simpletlv.c:109:9: note: Taking false branch
# if (tlv[i].type == SIMPLETLV_TYPE_COMPOUND) {
# ^
81. libcacard-2.7.0/src/simpletlv.c:113:9: note: Taking false branch
# if (buffer_type & SIMPLETLV_TL) {
# ^
84. libcacard-2.7.0/src/simpletlv.c:120:9: note: Taking true branch
# if (buffer_type & SIMPLETLV_VALUE) {
# ^
87. libcacard-2.7.0/src/simpletlv.c:121:17: note: Assuming the condition is true
# if (tlv[i].type == SIMPLETLV_TYPE_LEAF) {
# ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
90. libcacard-2.7.0/src/simpletlv.c:121:13: note: Taking true branch
# if (tlv[i].type == SIMPLETLV_TYPE_LEAF) {
# ^
93. libcacard-2.7.0/src/simpletlv.c:122:17: note: Null pointer passed as an argument to a 'nonnull' parameter
# memcpy(p, tlv[i].value.value, tlv[i].length);
# ^ ~
# 120| if (buffer_type & SIMPLETLV_VALUE) {
# 121| if (tlv[i].type == SIMPLETLV_TYPE_LEAF) {
# 122|-> memcpy(p, tlv[i].value.value, tlv[i].length);
# 123| p += tlv[i].length;
# 124| } else {
```
I think there is a corner case when nested `simpletlv_encode_internal()` returns zero, but I do not think this happens in the current code.https://gitlab.freedesktop.org/spice/libcacard/-/issues/3Non-deterministic test test_gp_applet()2021-01-04T16:44:19ZJakub JelenNon-deterministic test test_gp_applet()The test `test_gp_applet()` is non-deterministic since it depends on the hash of the first certificate not machine neither of the 6 bytes in the example blob. I think we should find a better way to test this:
```
/* This part should ...The test `test_gp_applet()` is non-deterministic since it depends on the hash of the first certificate not machine neither of the 6 bytes in the example blob. I think we should find a better way to test this:
```
/* This part should be generate from certificate hash, which should
* overwrite default values in template */
g_assert_cmpint(pbRecvBuffer[15], !=, 0x00);
g_assert_cmpint(pbRecvBuffer[16], !=, 0x19);
g_assert_cmpint(pbRecvBuffer[17], !=, 0x00);
g_assert_cmpint(pbRecvBuffer[18], !=, 0x52);
g_assert_cmpint(pbRecvBuffer[19], !=, 0x89);
g_assert_cmpint(pbRecvBuffer[20], !=, 0x0E);
```
https://gitlab.freedesktop.org/spice/libcacard/blob/master/tests/common.c#L940https://gitlab.freedesktop.org/spice/libcacard/-/issues/2Address sanitizer errors (Job Failed #409843)2021-01-04T16:39:08ZJakub JelenAddress sanitizer errors (Job Failed #409843)Job [#409843](https://gitlab.freedesktop.org/spice/libcacard/-/jobs/409843) failed for e4d4c13f25fd2a13ba07c71069be5e5fa65fd603:
If I see right, the error comes from some memory leak in OpenSSL (probably from the autotools runner since ...Job [#409843](https://gitlab.freedesktop.org/spice/libcacard/-/jobs/409843) failed for e4d4c13f25fd2a13ba07c71069be5e5fa65fd603:
If I see right, the error comes from some memory leak in OpenSSL (probably from the autotools runner since we do not link against OpenSSL). Unfortunately, the backtrace is not very helpful:
~~~
=================================================================
==5393==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 192 byte(s) in 1 object(s) allocated from:
#0 0x7f7a2d723ca8 in __interceptor_malloc (/lib64/libasan.so.5+0x10dca8)
#1 0x7f7a28d5c3fd in CRYPTO_zalloc crypto/mem.c:230
SUMMARY: AddressSanitizer: 192 byte(s) leaked in 1 allocation(s).
# End of libcacard tests
ERROR: tests/libcacard - exited with status 1
~~~
Leaving this as an open issue now.