Hello,
I propose a patch for PKCS#11
Fix: currently, any of these calls
C_CreateObject(hSession, NULL_PTR, 1, NULL_PTR);
C_GetAttributeValue(hSession, hObject, NULL_PTR, 1);
C_SetAttributeValue(hSession, hObject, NULL_PTR, 1);
C_FindObjectsInit(hSession, NULL_PTR, 1);
C_FindObjects(hSession, NULL_PTR, 0, NULL_PTR);
C_FindObjects(hSession, NULL_PTR, 1, NULL_PTR);
C_FindObjects(hSession, NULL_PTR, 1, pulObjectCount);
C_DigestInit(hSession, NULL_PTR);
C_SignInit(hSession, NULL_PTR, hKey);
C_SignRecoverInit(hSession, NULL_PTR, hKey);
C_DecryptInit(hSession, NULL_PTR, hKey);
C_VerifyInit(hSession, NULL_PTR, hKey);
C_GenerateKeyPair(hSession, NULL_PTR, pubKeyTmpl, arraysize(pubKeyTmpl),
prvKeyTmpl, arraysize(prvKeyTmpl), &hPubKey, &hPrvKey);
C_GenerateKeyPair(hSession, pMechanism, pubKeyTmpl,
arraysize(pubKeyTmpl), NULL_PTR, 1, &hPubKey, &hPrvKey);
C_GenerateKeyPair(hSession, pMechanism, NULL_PTR, 1, prvKeyTmpl,
arraysize(prvKeyTmpl), &hPubKey, &hPrvKey);
=>
Segmentation fault.
Any ideas?
Index: src/pkcs11/pkcs11-object.c
===================================================================
--- src/pkcs11/pkcs11-object.c (revision 3885)
+++ src/pkcs11/pkcs11-object.c (working copy)
@@ -40,6 +40,11 @@
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
+
+ if (pTemplate == NULL_PTR && ulCount > 0) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto out;
+ }
dump_template("C_CreateObject()", pTemplate, ulCount);
rv = pool_find(&session_pool, hSession, (void**) &session);
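Review bot: The new `goto out` in C_CreateObject assumes the function already has an `out:` label that releases the lock, but nothing in this hunk shows one, and the C_DigestInit hunk below had to add exactly such a label to its function. The same question applies to the C_SetAttributeValue hunk and the key-pair generation hunk, whose visible context likewise contains no existing `goto out`. If the label is missing in any of them, the early return leaves sc_pkcs11_lock() held and the patch will not even compile for that function. Worth confirming against the full function bodies, which start and end outside these hunks.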
@@ -129,6 +134,11 @@
if (rv != CKR_OK)
return rv;
+ if (pTemplate == NULL_PTR || ulCount == 0) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto out;
+ }
+
rv = pool_find(&session_pool, hSession, (void**) &session);
if (rv != CKR_OK)
goto out;
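Review bot: Rejecting `ulCount == 0` goes beyond the NULL-template crash described in the mail: a caller that passes an empty template with a count of zero previously got a normal return and now gets CKR_ARGUMENTS_BAD, so existing callers could break. The guard only needs to reject a NULL template that will actually be read, as the C_CreateObject and C_FindObjectsInit hunks do: `if (pTemplate == NULL_PTR && ulCount > 0) {`. The same applies to the C_SetAttributeValue hunk that follows. The enclosing function begins and ends outside this hunk.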
@@ -187,6 +197,10 @@
if (rv != CKR_OK)
return rv;
+ if (pTemplate == NULL_PTR || ulCount == 0) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto out;
+ }
dump_template("C_SetAttributeValue", pTemplate, ulCount);
rv = pool_find(&session_pool, hSession, (void**) &session);
@@ -230,6 +244,11 @@
if (rv != CKR_OK)
return rv;
+ if (pTemplate == NULL_PTR && ulCount > 0) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto out;
+ }
+
rv = pool_find(&session_pool, hSession, (void**) &session);
if (rv != CKR_OK)
goto out;
@@ -324,6 +343,11 @@
if (rv != CKR_OK)
return rv;
+ if (phObject == NULL_PTR || ulMaxObjectCount == 0 || pulObjectCount ==
NULL_PTR) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto out;
+ }
+
rv = pool_find(&session_pool, hSession, (void**) &session);
if (rv != CKR_OK)
goto out;
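Review bot: The added condition has been wrapped by the mail client — `NULL_PTR) {` lands on a line of its own without a `+` marker — so the patch as posted will not apply; the same wrapping affects the key-pair generation hunk and the later hunk that tests `ulAttributeCount`. Please resend as an attachment or with line wrapping disabled. Separately, treating `ulMaxObjectCount == 0` as CKR_ARGUMENTS_BAD is a policy choice rather than a crash fix; if the search code further down (outside this hunk) tolerates a zero count, the `phObject == NULL_PTR` and `pulObjectCount == NULL_PTR` tests alone would cover the reported `C_FindObjects(hSession, NULL_PTR, 0, NULL_PTR)` segfault.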
@@ -385,12 +409,17 @@
if (rv != CKR_OK)
return rv;
+ if (pMechanism == NULL_PTR) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto out;
+ }
+
rv = pool_find(&session_pool, hSession, (void**) &session);
if (rv == CKR_OK)
rv = sc_pkcs11_md_init(session, pMechanism);
sc_debug(context, "C_DigestInit returns %d\n", rv);
- sc_pkcs11_unlock();
+out: sc_pkcs11_unlock();
return rv;
}
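Review bot: The `out:` label is put on the same line as `sc_pkcs11_unlock();`, which is easy to miss when reading or grepping for the label; the conventional form is the label on its own line, `out:` followed by `	sc_pkcs11_unlock();` on the next. C_DigestInit's body starts before this hunk, so this is presumably the first `out:` in that function — keep it that way and do not reintroduce a second `sc_pkcs11_unlock()` on the error path.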
@@ -483,6 +512,11 @@
if (rv != CKR_OK)
return rv;
+ if (pMechanism == NULL_PTR) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto out;
+ }
+
rv = pool_find(&session_pool, hSession, (void**) &session);
if (rv != CKR_OK)
goto out;
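Review bot: The mechanism check is placed before `pool_find` validates hSession, so a call with both an invalid session handle and a NULL mechanism now reports CKR_ARGUMENTS_BAD instead of the session-handle error; if the session check is meant to take precedence, move the guard after the `pool_find` call, whose `goto out` failure path is already there. The same ordering is used in the C_DigestInit hunk and in the three later hunks that add the identical `pMechanism == NULL_PTR` guard. The enclosing function starts and ends outside this hunk.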
@@ -632,6 +666,11 @@
if (rv != CKR_OK)
return rv;
+ if (pMechanism == NULL_PTR) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto out;
+ }
+
rv = pool_find(&session_pool, hSession, (void**) &session);
if (rv != CKR_OK)
goto out;
@@ -727,6 +766,11 @@
if (rv != CKR_OK)
return rv;
+ if (pMechanism == NULL_PTR) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto out;
+ }
+
rv = pool_find(&session_pool, hSession, (void**) &session);
if (rv != CKR_OK)
goto out;
@@ -864,6 +908,12 @@
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
+ if (pMechanism == NULL_PTR
+ || (pPublicKeyTemplate == NULL_PTR &&
ulPublicKeyAttributeCount > 0)
+ || (pPrivateKeyTemplate == NULL_PTR &&
ulPrivateKeyAttributeCount > 0)) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto out;
+ }
dump_template("C_CreateObject(), PrivKey attrs", pPrivateKeyTemplate,
ulPrivateKeyAttributeCount);
dump_template("C_CreateObject(), PubKey attrs", pPublicKeyTemplate,
ulPublicKeyAttributeCount);
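Review bot: The guard validates the mechanism and the two templates but not `phPublicKey`/`phPrivateKey`; if the generated handles are stored through those pointers unconditionally later in the function (outside this hunk), a NULL output pointer would still fault and belongs in the same condition, e.g. `|| phPublicKey == NULL_PTR || phPrivateKey == NULL_PTR`. As a side note, the surrounding dump_template calls label these templates `C_CreateObject()` although the parameters are the key-pair templates — a follow-up could relabel them so the debug log names the right function.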
@@ -912,6 +962,11 @@
if (rv != CKR_OK)
return rv;
+ if (pMechanism == NULL_PTR || (pTemplate == NULL_PTR &&
ulAttributeCount > 0)) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto out;
+ }
+
rv = pool_find(&session_pool, hSession, (void**) &session);
if (rv != CKR_OK)
goto out;
@@ -1036,6 +1091,11 @@
if (rv != CKR_OK)
return rv;
+ if (pMechanism == NULL_PTR) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto out;
+ }
+
rv = pool_find(&session_pool, hSession, (void**) &session);
if (rv != CKR_OK)
goto out;