On Tue, 27 Apr 2021 04:28:26 GMT, Greg Rubin
<github.com+829871+salusasecon...@openjdk.org> wrote:
>> Anyone can help review this somewhat trivial fix? The main change is inside
>> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_objmgmt.c. This is to
>> help better troubleshooting by reporting the type of unavailable attributes
>> in PKCS11 exception message when C_GetAttributeValue(...) call failed. The
>> java file changes are just cleanup for consolidating the CKR_* constants
>> definition into PKCS11Exception class.
>>
>> Thanks,
>> Valerie
>
> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_objmgmt.c line 262:
>
>> 260: temp1 = msg;
>> 261: temp2 = msg + 80;
>> 262: for (i = 0; i < ckAttributesLength && temp1 < temp2; i++) {
>
> I think that this loop will append at most 11 bytes to the string each time
> (is this correct?), if so, we can make the check `temp1 < temp2 - 12` to
> count the final null and avoid running off the end with a buffer overflow.
I apologize. This counting code is correct and doesn't have any of the issues I
claimed. `snprintf` takes care of everything and I just missed it last night.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3709
