From 773fcc6bd0d047aa629dd297e87244ca3add5b16 Mon Sep 17 00:00:00 2001
From: Peter Popovec <popovec.peter@gmail.com>
Date: Sun, 7 Jan 2024 17:38:14 +0100
Subject: [PATCH] iasecc: Avoid memory leaks

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65562
---
 src/libopensc/card-iasecc.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/libopensc/card-iasecc.c b/src/libopensc/card-iasecc.c
index 67f3727890..b20123d658 100644
--- a/src/libopensc/card-iasecc.c
+++ b/src/libopensc/card-iasecc.c
@@ -1544,6 +1544,7 @@ iasecc_delete_file(struct sc_card *card, const struct sc_path *path)
 	struct sc_apdu apdu;
 	struct sc_file *file = NULL;
 	int rv;
+	unsigned int file_id;
 
 	LOG_FUNC_CALLED(ctx);
 	sc_print_cache(card);
@@ -1554,13 +1555,17 @@ iasecc_delete_file(struct sc_card *card, const struct sc_path *path)
 	LOG_TEST_RET(ctx, rv, "Cannot select file to delete");
 
 	entry = sc_file_get_acl_entry(file, SC_AC_OP_DELETE);
+
+	file_id = file->id;
+	sc_file_free(file);
+
 	if (!entry)
 		LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_FOUND, "Cannot delete file: no 'DELETE' acl");
 
 	sc_log(ctx, "DELETE method/reference %X/%X", entry->method, entry->key_ref);
 	if (entry->method == SC_AC_SCB && (entry->key_ref & IASECC_SCB_METHOD_SM))   {
 		unsigned char se_num = entry->key_ref & IASECC_SCB_METHOD_MASK_REF;
-		rv = iasecc_sm_delete_file(card, se_num, file->id);
+		rv = iasecc_sm_delete_file(card, se_num, file_id);
 	}
 	else   {
 		sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0xE4, 0x00, 0x00);
@@ -1576,7 +1581,6 @@ iasecc_delete_file(struct sc_card *card, const struct sc_path *path)
 		card->cache.current_ef = NULL;
 	}
 
-	sc_file_free(file);
 	LOG_FUNC_RETURN(ctx, rv);
 }