From: Jaroslaw Pelczar <j.pelczar@samsung.com>
Date: Fri, 20 Oct 2017 15:53:47 +0000 (+0200)
Subject: Fix for SVACE DEREF_AFTER_NULL
X-Git-Tag: accepted/tizen/4.0/unified/20171026.152951~14
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=23a2d6030337869f2b00ae2c30d805b0b85cc7d1;p=platform%2Fcore%2Fsecurity%2Ftef-simulator.git

Fix for SVACE DEREF_AFTER_NULL

DEREF_AFTER_NULL: After having been compared to NULL value at
ssf_crypto.cpp:1990, pointer 'key1' is dereferenced at
ssf_crypto.cpp:1999.
    [dereference] Dereference at /home/abuild/rpmbuild/BUILD/tef-
simulator-0.0.1/ssflib/src/ssf_crypto.cpp:1999
    [null check] null check at /home/abuild/rpmbuild/BUILD/tef-
simulator-0.0.1/ssflib/src/ssf_crypto.cpp:1990

Change-Id: Iaf1ed9dd32b30bc958a91ac1a30382c71b3d4b43
Signed-off-by: Jaroslaw Pelczar <j.pelczar@samsung.com>
---

diff --git a/ssflib/src/ssf_crypto.cpp b/ssflib/src/ssf_crypto.cpp
index 96f9489..4780887 100644
--- a/ssflib/src/ssf_crypto.cpp
+++ b/ssflib/src/ssf_crypto.cpp
@@ -1996,15 +1996,20 @@ TEE_Result TEE_SetOperationKey2( TEE_OperationHandle operation, TEE_ObjectHandle
 		return TEE_SUCCESS;
 	}
 
-	if ((key1->tr.info.objectUsage | ~op->info.requiredKeyUsage) != 0xffffffff) {
+	if (key1 && (key1->tr.info.objectUsage | ~op->info.requiredKeyUsage) != 0xffffffff) {
 		CRYPTO_PANIC;
 	}
-	if ((key2->tr.info.objectUsage | ~op->info.requiredKeyUsage) != 0xffffffff) {
+	if (key2 && (key2->tr.info.objectUsage | ~op->info.requiredKeyUsage) != 0xffffffff) {
 		CRYPTO_PANIC;
 	}
 
-	TEE_CopyObjectAttributes(op->key1, key1);
-	TEE_CopyObjectAttributes(op->key2, key2);
+	if(key1) {
+		TEE_CopyObjectAttributes(op->key1, key1);
+	}
+
+	if(key2) {
+		TEE_CopyObjectAttributes(op->key2, key2);
+	}
 
 	op->info.handleState |= TEE_HANDLE_FLAG_KEY_SET;
 	return TEE_SUCCESS;