[Spice-devel] [cacard 7/7] cac: Mark the global aid data as const

Christophe Fergeau cfergeau at redhat.com
Fri Aug 10 08:04:29 UTC 2018 

This data is not meant to be modified, marking it as const allows it to
be put in the .relro section, and could help catch unwanted
modifications attempts.

Signed-off-by: Christophe Fergeau <cfergeau at redhat.com>
---
 src/cac.c       | 36 ++++++++++++++++++------------------
 src/card_7816.c | 10 +++++-----
 src/card_7816.h |  4 ++--
 src/vcard.c     |  4 ++--
 src/vcard.h     |  4 ++--
 5 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/src/cac.c b/src/cac.c
index a614aff..5ce3d37 100644
--- a/src/cac.c
+++ b/src/cac.c
@@ -30,31 +30,31 @@
 #include "simpletlv.h"
 #include "common.h"
 
-static unsigned char cac_aca_aid[] = {
+static const unsigned char cac_aca_aid[] = {
     0xa0, 0x00, 0x00, 0x00, 0x79, 0x03, 0x00 };
-static unsigned char cac_ccc_aid[] = {
+static const unsigned char cac_ccc_aid[] = {
     0xa0, 0x00, 0x00, 0x01, 0x16, 0xDB, 0x00 };
-static unsigned char cac_02fb_aid[] = {
+static const unsigned char cac_02fb_aid[] = {
     0xa0, 0x00, 0x00, 0x00, 0x79, 0x02, 0xFB };
-static unsigned char cac_1201_aid[] = {
+static const unsigned char cac_1201_aid[] = {
     0xa0, 0x00, 0x00, 0x00, 0x79, 0x12, 0x01 };
-static unsigned char cac_1202_aid[] = {
+static const unsigned char cac_1202_aid[] = {
     0xa0, 0x00, 0x00, 0x00, 0x79, 0x12, 0x02 };
-static unsigned char cac_02f0_aid[] = {
+static const unsigned char cac_02f0_aid[] = {
     0xa0, 0x00, 0x00, 0x00, 0x79, 0x02, 0xF0 };
-static unsigned char cac_02f1_aid[] = {
+static const unsigned char cac_02f1_aid[] = {
     0xa0, 0x00, 0x00, 0x00, 0x79, 0x02, 0xF1 };
-static unsigned char cac_02f2_aid[] = {
+static const unsigned char cac_02f2_aid[] = {
     0xa0, 0x00, 0x00, 0x00, 0x79, 0x02, 0xF2 };
-static unsigned char cac_access_control_aid[] = {
+static const unsigned char cac_access_control_aid[] = {
     0xa0, 0x00, 0x00, 0x01, 0x16, 0x30, 0x00 };
-static unsigned char cac_pki_certificate_aid[] = {
+static const unsigned char cac_pki_certificate_aid[] = {
     0xa0, 0x00, 0x00, 0x00, 0x79, 0x02, 0xFE };
-static unsigned char cac_pki_credential_aid[] = {
+static const unsigned char cac_pki_credential_aid[] = {
     0xa0, 0x00, 0x00, 0x00, 0x79, 0x02, 0xFD };
-static unsigned char cac_person_instance_aid[] = {
+static const unsigned char cac_person_instance_aid[] = {
     0xa0, 0x00, 0x00, 0x00, 0x79, 0x02, 0x00 };
-static unsigned char cac_personnel_aid[] = {
+static const unsigned char cac_personnel_aid[] = {
     0xa0, 0x00, 0x00, 0x00, 0x79, 0x02, 0x01 };
 
 
@@ -834,7 +834,7 @@ cac_delete_passthrough_applet_private(VCardAppletPrivate *applet_private)
 }
 
 static VCardAppletPrivate *
-cac_new_pki_applet_private(int i, const unsigned char *cert,
+cac_new_pki_applet_private(int id, const unsigned char *cert,
                            int cert_len, VCardKey *key)
 {
     CACPKIAppletData *pki_applet_data;
@@ -984,7 +984,7 @@ cac_new_pki_applet_private(int i, const unsigned char *cert,
         hex_dump(applet_private->val_buffer, applet_private->val_buffer_len, NULL, 0));
 
     /* Inject Object ID */
-    object_id[1] = i;
+    object_id[1] = id;
     pki_object[0].value.value = object_id;
 
     /* Create Object ID list */
@@ -2022,7 +2022,7 @@ failure:
 
 static VCardAppletPrivate *
 cac_new_passthrough_applet_private(VCard *card, const char *label,
-                                   unsigned char *aid, unsigned int aid_len)
+                                   const unsigned char *aid, unsigned int aid_len)
 {
     CACPTAppletData *pt_applet_data;
     VCardAppletPrivate *applet_private;
@@ -2168,7 +2168,7 @@ failure:
 }
 
 static VCardApplet *
-cac_new_empty_applet(unsigned char *aid, unsigned int aid_len,
+cac_new_empty_applet(const unsigned char *aid, unsigned int aid_len,
                      unsigned char coids[][2], unsigned int coids_len)
 {
     VCardAppletPrivate *applet_private;
@@ -2200,7 +2200,7 @@ failure:
 
 static VCardApplet *
 cac_new_passthrough_applet(VCard *card, const char *label,
-                           unsigned char *aid, unsigned int aid_len)
+                           const unsigned char *aid, unsigned int aid_len)
 {
     VCardAppletPrivate *applet_private;
     VCardApplet *applet;
diff --git a/src/card_7816.c b/src/card_7816.c
index 7be9469..ccb63b6 100644
--- a/src/card_7816.c
+++ b/src/card_7816.c
@@ -15,10 +15,10 @@
 
 
 /* Global Platform Card Manager applet AID */
-static unsigned char gp_aid[] = {
+static const unsigned char gp_aid[] = {
     0xa0, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00 };
 /* Global Platfrom Card Manager response on select applet */
-static unsigned char gp_response[] = {
+static const unsigned char gp_response[] = {
     0x6F, 0x19, 0x84, 0x08, 0xA0, 0x00, 0x00, 0x00,
     0x03, 0x00, 0x00, 0x00, 0xA5, 0x0D, 0x9F, 0x6E,
     0x06, 0x12, 0x91, 0x51, 0x81, 0x01, 0x00, 0x9F,
@@ -61,7 +61,7 @@ vcard_response_set_status_bytes(VCardResponse *response,
  * set up everything but the resonse bytes.
  */
 VCardResponse *
-vcard_response_new_data(unsigned char *buf, int len)
+vcard_response_new_data(const unsigned char *buf, int len)
 {
     VCardResponse *new_response;
 
@@ -75,7 +75,7 @@ vcard_response_new_data(unsigned char *buf, int len)
 }
 
 static VCardResponse *
-vcard_init_buffer_response(VCard *card, unsigned char *buf, int len)
+vcard_init_buffer_response(VCard *card, const unsigned char *buf, int len)
 {
     VCardResponse *response;
     VCardBufferResponse *buffer_response;
@@ -102,7 +102,7 @@ vcard_init_buffer_response(VCard *card, unsigned char *buf, int len)
  * general buffer to hold results from APDU calls
  */
 VCardResponse *
-vcard_response_new(VCard *card, unsigned char *buf,
+vcard_response_new(VCard *card, const unsigned char *buf,
                    int len, int Le, vcard_7816_status_t status)
 {
     VCardResponse *new_response;
diff --git a/src/card_7816.h b/src/card_7816.h
index 30b6d09..9519376 100644
--- a/src/card_7816.h
+++ b/src/card_7816.h
@@ -14,7 +14,7 @@
  * constructors for VCardResponse's
  */
 /* response from a return buffer and a status */
-VCardResponse *vcard_response_new(VCard *card, unsigned char *buf, int len,
+VCardResponse *vcard_response_new(VCard *card, const unsigned char *buf, int len,
                                   int Le, vcard_7816_status_t status);
 /* response from a return buffer and status bytes */
 VCardResponse *vcard_response_new_bytes(VCard *card, unsigned char *buf,
@@ -29,7 +29,7 @@ VCardResponse *vcard_response_new_status_bytes(unsigned char sw1,
 VCardResponse *vcard_make_response(vcard_7816_status_t status);
 
 /* create a raw response (status has already been encoded */
-VCardResponse *vcard_response_new_data(unsigned char *buf, int len);
+VCardResponse *vcard_response_new_data(const unsigned char *buf, int len);
 
 void vcard_response_set_status_bytes(VCardResponse *response,
                                      unsigned char sw1, unsigned char sw2);
diff --git a/src/vcard.c b/src/vcard.c
index aeae011..9c1bcf2 100644
--- a/src/vcard.c
+++ b/src/vcard.c
@@ -35,7 +35,7 @@ struct VCardStruct {
 };
 
 VCardBufferResponse *
-vcard_buffer_response_new(unsigned char *buffer, int size)
+vcard_buffer_response_new(const unsigned char *buffer, int size)
 {
     VCardBufferResponse *new_buffer;
 
@@ -221,7 +221,7 @@ vcard_add_applet(VCard *card, VCardApplet *applet)
  * manage applets
  */
 VCardApplet *
-vcard_find_applet(VCard *card, unsigned char *aid, int aid_len)
+vcard_find_applet(VCard *card, const unsigned char *aid, int aid_len)
 {
     VCardApplet *current_applet;
 
diff --git a/src/vcard.h b/src/vcard.h
index 1364dfb..46bbb74 100644
--- a/src/vcard.h
+++ b/src/vcard.h
@@ -13,7 +13,7 @@
  * response buffers are used when we need to return more data than will fit in
  * a normal APDU response (nominally 254 bytes).
  */
-VCardBufferResponse *vcard_buffer_response_new(unsigned char *buffer, int size);
+VCardBufferResponse *vcard_buffer_response_new(const unsigned char *buffer, int size);
 void vcard_buffer_response_delete(VCardBufferResponse *buffer_response);
 
 
@@ -51,7 +51,7 @@ void vcard_set_type(VCard *card, VCardType type);
 /* add a new applet to a card */
 VCardStatus vcard_add_applet(VCard *card, VCardApplet *applet);
 /* find the applet on the card with the given aid */
-VCardApplet *vcard_find_applet(VCard *card, unsigned char *aid, int aid_len);
+VCardApplet *vcard_find_applet(VCard *card, const unsigned char *aid, int aid_len);
 /* set the following applet to be current on the given channel */
 void vcard_select_applet(VCard *card, int channel, VCardApplet *applet);
 /* get the card type specific private data on the given channel */
-- 
2.17.1

More information about the Spice-devel mailing list