This is somewhat of a "minibug", but we decided that we want to have
a bit of a safeguard against a pkcs#11 provider that requests us to
allocate impossible amounts of memory. Of course there are other ways
it could crash, but this one is a bit of "good housekeeping".
I have not tested it beyond "does it compile" - have no smartcard, and
especially not one that misbehaves (and do not feel like setting up
SoftHSM and stuff to test this for real).
Your patch has been applied to the master and release/2.7 branch (minibug).
commit 0a8e80aaf9c96718903251a828bc3e8055014160 (master)
commit bf7f8548c7bfd31f0e6fed880890d5106c2ab982 (release/2.7)
Author: Max Fillinger
Date: Mon Mar 2 15:20:39 2026 +0100
Avoid unbounded allocations in pkcs11_mbedtls.c
Signed-off-by: Max Fillinger <[email protected]>
Acked-by: Arne Schwabe <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1549
Message-Id: <[email protected]>
URL:
https://www.mail-archive.com/[email protected]/msg35807.html
Signed-off-by: Gert Doering <[email protected]>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
