From fbb3b9cef91299fe60c8a85345a8318ce50800c6 Mon Sep 17 00:00:00 2001
From: Zhipeng Xue <543984341@qq.com>
Date: Sun, 5 Mar 2023 13:38:43 +0800
Subject: [PATCH] Fix potential null dereference

---
 sesman/chansrv/chansrv.c        |  4 +++
 sesman/chansrv/smartcard_pcsc.c | 48 +++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)

diff --git a/sesman/chansrv/chansrv.c b/sesman/chansrv/chansrv.c
index 80f19b22..be07d01c 100644
--- a/sesman/chansrv/chansrv.c
+++ b/sesman/chansrv/chansrv.c
@@ -317,6 +317,10 @@ send_rail_drawing_orders(char *data, int size)
     int error;
 
     s = trans_get_out_s(g_con_trans, 8192);
+    if (s == NULL)
+    {
+        return 1;
+    }
     out_uint32_le(s, 0); /* version */
     out_uint32_le(s, 8 + 8 + size); /* size */
     out_uint32_le(s, 10); /* msg id */
diff --git a/sesman/chansrv/smartcard_pcsc.c b/sesman/chansrv/smartcard_pcsc.c
index 7dd7e4e9..c96bfa1b 100644
--- a/sesman/chansrv/smartcard_pcsc.c
+++ b/sesman/chansrv/smartcard_pcsc.c
@@ -498,6 +498,10 @@ scard_function_establish_context_return(void *user_data,
                   "app_context %d", app_context);
     }
     out_s = trans_get_out_s(con, 8192);
+    if (out_s == NULL)
+    {
+        return 1;
+    }
     s_push_layer(out_s, iso_hdr, 8);
     out_uint32_le(out_s, app_context);
     out_uint32_le(out_s, status); /* SCARD_S_SUCCESS status */
@@ -564,6 +568,10 @@ scard_function_release_context_return(void *user_data,
     }
     con = uds_client->con;
     out_s = trans_get_out_s(con, 8192);
+    if (out_s == NULL)
+    {
+        return 1;
+    }
     s_push_layer(out_s, iso_hdr, 8);
     out_uint32_le(out_s, status); /* SCARD_S_SUCCESS status */
     s_mark_end(out_s);
@@ -723,6 +731,10 @@ scard_function_list_readers_return(void *user_data,
     }
 
     out_s = trans_get_out_s(con, 8192);
+    if (out_s == NULL)
+    {
+        return 1;
+    }
     s_push_layer(out_s, iso_hdr, 8);
     out_uint32_le(out_s, llen);
     out_uint32_le(out_s, readers);
@@ -826,6 +838,10 @@ scard_function_connect_return(void *user_data,
         }
     }
     out_s = trans_get_out_s(con, 8192);
+    if (out_s == NULL)
+    {
+        return 1;
+    }
     s_push_layer(out_s, iso_hdr, 8);
     out_uint32_le(out_s, hCard);
     out_uint32_le(out_s, dwActiveProtocol);
@@ -894,6 +910,10 @@ scard_function_disconnect_return(void *user_data,
     }
     con = uds_client->con;
     out_s = trans_get_out_s(con, 8192);
+    if (out_s == NULL)
+    {
+        return 1;
+    }
     s_push_layer(out_s, iso_hdr, 8);
     out_uint32_le(out_s, status); /* SCARD_S_SUCCESS status */
     s_mark_end(out_s);
@@ -960,6 +980,10 @@ scard_function_begin_transaction_return(void *user_data,
     }
     con = uds_client->con;
     out_s = trans_get_out_s(con, 8192);
+    if (out_s == NULL)
+    {
+        return 1;
+    }
     s_push_layer(out_s, iso_hdr, 8);
     out_uint32_le(out_s, status); /* SCARD_S_SUCCESS status */
     s_mark_end(out_s);
@@ -1030,6 +1054,10 @@ scard_function_end_transaction_return(void *user_data,
     con = uds_client->con;
 
     out_s = trans_get_out_s(con, 8192);
+    if (out_s == NULL)
+    {
+        return 1;
+    }
     s_push_layer(out_s, iso_hdr, 8);
     out_uint32_le(out_s, status); /* SCARD_S_SUCCESS status */
     s_mark_end(out_s);
@@ -1179,6 +1207,10 @@ scard_function_transmit_return(void *user_data,
     }
     LOG_DEVEL(LOG_LEVEL_DEBUG, "scard_function_transmit_return: cbRecvLength %d", cbRecvLength);
     out_s = trans_get_out_s(con, 8192);
+    if (out_s == NULL)
+    {
+        return 1;
+    }
     s_push_layer(out_s, iso_hdr, 8);
     out_uint32_le(out_s, recv_ior.dwProtocol);
     out_uint32_le(out_s, recv_ior.cbPciLength);
@@ -1274,6 +1306,10 @@ scard_function_control_return(void *user_data,
     }
     LOG_DEVEL(LOG_LEVEL_DEBUG, "scard_function_control_return: cbRecvLength %d", cbRecvLength);
     out_s = trans_get_out_s(con, 8192);
+    if (out_s == NULL)
+    {
+        return 1;
+    }
     s_push_layer(out_s, iso_hdr, 8);
     out_uint32_le(out_s, cbRecvLength);
     out_uint8a(out_s, recvBuf, cbRecvLength);
@@ -1447,6 +1483,10 @@ scard_function_status_return(void *user_data,
               "dwProtocol %d dwState %d name %s",
               dwAtrLen, dwReaderLen, dwProtocol, dwState, lreader_name);
     out_s = trans_get_out_s(con, 8192);
+    if (out_s == NULL)
+    {
+        return 1;
+    }
     s_push_layer(out_s, iso_hdr, 8);
     dwReaderLen = g_strlen(lreader_name);
     out_uint32_le(out_s, dwReaderLen);
@@ -1560,6 +1600,10 @@ scard_function_get_status_change_return(void *user_data,
     con = uds_client->con;
 
     out_s = trans_get_out_s(con, 8192);
+    if (out_s == NULL)
+    {
+        return 1;
+    }
     s_push_layer(out_s, iso_hdr, 8);
     if (status != 0)
     {
@@ -1650,6 +1694,10 @@ scard_function_cancel_return(void *user_data,
     }
     con = uds_client->con;
     out_s = trans_get_out_s(con, 8192);
+    if (out_s == NULL)
+    {
+        return 1;
+    }
     s_push_layer(out_s, iso_hdr, 8);
     out_uint32_le(out_s, status); /* SCARD_S_SUCCESS status */
     s_mark_end(out_s);