On Tue, 27 Apr 2021 04:28:26 GMT, Greg Rubin <github.com+829871+salusasecon...@openjdk.org> wrote:
>> Anyone can help review this somewhat trivial fix? The main change is inside
>> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_objmgmt.c. This is to
>> help better troubleshooting by reporting the type of unavailable attributes
>> in PKCS11 exception message when C_GetAttributeValue(...) call failed. The
>> java file changes are just cleanup for consolidating the CKR_* constants
>> definition into PKCS11Exception class.
>>
>> Thanks,
>> Valerie
>
> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_objmgmt.c line 262:
>
>> 260: temp1 = msg;
>> 261: temp2 = msg + 80;
>> 262: for (i = 0; i < ckAttributesLength && temp1 < temp2; i++) {
>
> I think that this loop will append at most 11 bytes to the string each time
> (is this correct?), if so, we can make the check `temp1 < temp2 - 12` to
> count the final null and avoid running off the end with a buffer overflow.

I apologize. This counting code is correct and doesn't have any of the issues I claimed. `snprintf` takes care of everything and I just missed it last night.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3709
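The bounded-append pattern discussed in this thread, as an added illustration that is not the code from the PR: a loop that appends entries with `snprintf` into an 80-byte buffer and checks the return value before advancing the write pointer. The helper name `format_types`, the `" 0x%lX"` entry format and the sample values are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define MSG_CAP 80 /* matches the "msg + 80" bound in the quoted lines */

/* Hypothetical helper (not the JDK function): appends " 0x<type>" for each
 * attribute type into msg, never writing past msg + cap. Returns the number
 * of entries that fit completely. */
size_t format_types(char *msg, size_t cap, const unsigned long *types, size_t n)
{
    char *cur = msg, *end = msg + cap;
    size_t done = 0;

    if (cap == 0)
        return 0;
    msg[0] = '\0';
    for (size_t i = 0; i < n && cur < end; i++) {
        size_t room = (size_t)(end - cur);
        /* snprintf writes at most room bytes including the NUL, but returns
         * the length the full entry WOULD have needed. */
        int need = snprintf(cur, room, " 0x%lX", types[i]);
        if (need < 0)
            break;
        if ((size_t)need >= room) {
            *cur = '\0'; /* truncated: drop the partial entry and stop */
            break;
        }
        cur += need; /* safe only because need < room was checked */
        done++;
    }
    return done;
}

int main(void)
{
    /* Constructed sample input: ten identical 8-hex-digit type values. */
    unsigned long types[10];
    char msg[MSG_CAP];
    for (size_t i = 0; i < 10; i++)
        types[i] = 0xFFFFFFFFUL;
    size_t fit = format_types(msg, sizeof msg, types, 10);
    printf("%zu entries, %zu bytes:%s\n", fit, strlen(msg), msg);
    return 0;
}
```

Each constructed entry here is 11 bytes, so seven fit in 77 bytes and the eighth is rejected with 3 bytes of room left; the size argument passed to `snprintf` is what keeps the write in bounds, and the return-value check is what keeps the pointer in bounds.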