Harald,

Both your patches are merged! Thanks!

Thanks,
Vineetha



From:   [email protected]
To:     [email protected]
Date:   12/04/2015 07:03 AM
Subject:        Opencryptoki-tech Digest, Vol 53, Issue 1




Today's Topics:

   1. [PATCH] Fix buffer overflow in cca token function
      ccatok_hmac(). (Harald Freudenberger)


----------------------------------------------------------------------

Message: 1
Date: Thu,  3 Dec 2015 15:23:52 +0100
From: Harald Freudenberger <[email protected]>
Subject: [Opencryptoki-tech] [PATCH] Fix buffer overflow in cca token
                 function ccatok_hmac().
To: [email protected]
Cc: [email protected]
Message-ID:
                 <[email protected]>

Somehow our internal driver has built opencryptoki with stack
checking enabled (e.g. ./configure CFLAGS=-fstack-protector-all).
When the opencryptoki testcases are executed against an opencryptoki
installation which has this stack checking enabled, a buffer overrun will
result in the cca token in function ccatok_hmac().
Looking into the code the reason is simple: the rule_array buffer only has
space for 1 keyword (8 bytes) but via memcopy there are 3*8 bytes copied
in. Here is the fix for this. I also checked the other rule_array uses and
replaced on some more occurrences the dimension with the preprocessor value
CCA_RULE_ARRAY_SIZE which should be vast enough to cover all needs there.

Signed-off-by: Harald Freudenberger <[email protected]>
---
 usr/lib/pkcs11/cca_stdll/cca_specific.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c
b/usr/lib/pkcs11/cca_stdll/cca_specific.c
index 0ea5ce2..750eed5 100644
--- a/usr/lib/pkcs11/cca_stdll/cca_specific.c
+++ b/usr/lib/pkcs11/cca_stdll/cca_specific.c
@@ -2054,7 +2054,7 @@ CK_RV ccatok_hmac(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE
*in_data,
 {
                 struct cca_sha_ctx *cca_ctx;
                 long return_code = 0, reason_code = 0, rule_array_count = 3;
-                unsigned char rule_array[CCA_KEYWORD_SIZE];
+                unsigned char rule_array[CCA_RULE_ARRAY_SIZE];
                 OBJECT *key = NULL;
                 CK_ATTRIBUTE *attr = NULL;
                 CK_RV rc = CKR_OK;
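Review bot: rule_array in ccatok_hmac() is still declared without an initializer, while the three other declarations touched by this patch use = { 0 }. With rule_array_count = 3 only the first 3 * CCA_KEYWORD_SIZE bytes are written, so the rest of the enlarged buffer stays indeterminate; adding = { 0 } here would keep the sites consistent. The size is also still not tied to rule_array_count: a check that rule_array_count * CCA_KEYWORD_SIZE <= sizeof(rule_array) next to the copy would have caught the original overrun without depending on -fstack-protector-all.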
@@ -2805,7 +2805,7 @@ static CK_RV import_symmetric_key(OBJECT *object,
CK_ULONG keytype)
                 CK_RV rc;
                 long return_code, reason_code, rule_array_count;
                 unsigned char target_key_id[CCA_KEY_ID_SIZE] = { 0 };
-                unsigned char rule_array[CCA_KEYWORD_SIZE] = { 0 };
+                unsigned char rule_array[CCA_RULE_ARRAY_SIZE] = { 0 };
                 CK_ATTRIBUTE *opaque_key = NULL;
                 CK_ATTRIBUTE *attr = NULL;

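Review bot: in import_symmetric_key() the old size was a single keyword and rule_array_count has no initializer at its declaration, so this hunk does not show whether the function ever passes more than one keyword. Please state in the commit message whether this site was an actual overrun or a precautionary resize, since that decides whether the change needs backporting on its own.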
@@ -2862,7 +2862,7 @@ static CK_RV import_generic_secret_key(OBJECT
*object)
                 CK_RV rc;
                 long return_code, reason_code, rule_array_count;
                 unsigned char key_token[CCA_KEY_TOKEN_SIZE] = { 0 };
-                unsigned char rule_array[5 * CCA_KEYWORD_SIZE] = { 0 };
+                unsigned char rule_array[CCA_RULE_ARRAY_SIZE] = { 0 };
                 long key_name_len = 0, clr_key_len = 0;
                 long user_data_len = 0, key_part_len = 0;
                 long token_data_len = 0, verb_data_len = 0;
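Review bot: the declaration in import_generic_secret_key() goes from an explicit 5 * CCA_KEYWORD_SIZE to CCA_RULE_ARRAY_SIZE, whose value is not shown anywhere in the patch, so the buffer is only guaranteed not to shrink if the macro is at least 40 bytes. A compile-time assertion next to the macro definition (CCA_RULE_ARRAY_SIZE >= 5 * CCA_KEYWORD_SIZE, or the largest keyword count used in the file) would make "vast enough" checkable.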
@@ -3046,7 +3046,7 @@ CK_RV token_specific_generic_secret_key_gen (TEMPLATE
*template)
                 unsigned char key_type2[8] = {0};
                 unsigned char key_token[CCA_KEY_TOKEN_SIZE] = { 0 };
                 long key_token_length = sizeof(key_token);
-                unsigned char rule_array[4 * CCA_KEYWORD_SIZE] = { 0 };
+                unsigned char rule_array[CCA_RULE_ARRAY_SIZE] = { 0 };

                 rc = template_attribute_find(template, CKA_VALUE_LEN, &attr);
                 if (rc == FALSE) {
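Review bot: dropping the 4 * multiplier in token_specific_generic_secret_key_gen() also removes the only hint at the declaration of how many keywords this function uses. A one-line comment stating the keyword count, or deriving rule_array_count from the same constant that sizes the copy, would keep that information. The context line key_type2[8] has the same magic-number issue if the 8 there is meant as CCA_KEYWORD_SIZE.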
--
1.7.9.5
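
The overrun described in the commit message (three 8-byte keywords copied into a one-keyword buffer) can also be rejected at the copy site instead of relying on the declared size alone. The following C is an added example, not opencryptoki code: rule_array_build() and the two build_into_*() functions are hypothetical, the value 256 for CCA_RULE_ARRAY_SIZE is assumed, and the keywords are constructed sample input.

```c
#include <string.h>

#define CCA_KEYWORD_SIZE    8   /* per the patch description: one keyword is 8 bytes */
#define CCA_RULE_ARRAY_SIZE 256 /* assumed value for this example; not shown in the patch */

/* Hypothetical helper: writes `count` blank-padded keywords into rule_array.
 * Returns the value to use as rule_array_count, or -1 if they do not fit. */
long rule_array_build(unsigned char *rule_array, size_t rule_array_size,
                      const char *const *keywords, size_t count)
{
    size_t i;
    /* Capacity is checked in keywords, so a too-small buffer is rejected up front. */
    if (rule_array == NULL || keywords == NULL ||
        count > rule_array_size / CCA_KEYWORD_SIZE)
        return -1;
    for (i = 0; i < count; i++) {   /* validate everything before writing */
        size_t len = keywords[i] ? strlen(keywords[i]) : 0;
        if (len == 0 || len > CCA_KEYWORD_SIZE)
            return -1;
    }
    for (i = 0; i < count; i++) {
        unsigned char *slot = rule_array + i * CCA_KEYWORD_SIZE;
        memset(slot, ' ', CCA_KEYWORD_SIZE);
        memcpy(slot, keywords[i], strlen(keywords[i]));
    }
    return (long)count;
}

/* Constructed sample keywords, three as in the ccatok_hmac() case. */
static const char *const sample_keywords[] = { "HMAC", "SHA-1", "ONLY" };
/* Pre-patch sizing: room for one keyword, three requested, so -1 is returned. */
long build_into_keyword_sized(void)
{
    unsigned char rule_array[CCA_KEYWORD_SIZE];
    return rule_array_build(rule_array, sizeof(rule_array), sample_keywords, 3);
}

/* Post-patch sizing: returns 3 only if the 24 bytes are laid out as expected. */
long build_into_rule_array_sized(void)
{
    unsigned char rule_array[CCA_RULE_ARRAY_SIZE] = { 0 };
    long n = rule_array_build(rule_array, sizeof(rule_array), sample_keywords, 3);
    return (n == 3 && memcmp(rule_array, "HMAC    SHA-1   ONLY    ", 24) == 0) ? n : -1;
}

int main(void)
{
    return (build_into_keyword_sized() == -1 && build_into_rule_array_sized() == 3) ? 0 : 1;
}
```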





_______________________________________________
Opencryptoki-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech


End of Opencryptoki-tech Digest, Vol 53, Issue 1
************************************************


