author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-23 11:33:53 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-23 11:55:45 +0200 |
commit | 5cc8193ada2db3bc9cc28aad488517c7dacf4852 (patch) | |
tree | bf88f2b89707fd24de6bc078593994f5b5f5ae87 | |
parent | c46143f61e368509b355e6efd46352d016b8c6ab (diff) | |
download | gnutls-5cc8193ada2db3bc9cc28aad488517c7dacf4852.tar.gz |
pkcs11: added sanity check to find_obj_url_cb() for object validity
Also avoid unnecessary recursion.
-rw-r--r-- | lib/pkcs11.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 415cb173e4..5623305ce6 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1917,7 +1917,7 @@ find_obj_url_cb(struct ck_function_list *module, struct pkcs11_session_info *sin
 ck_certificate_type_t type;
 ck_object_class_t class;
 ck_rv_t rv;
- ck_object_handle_t obj;
+ ck_object_handle_t objx = CK_INVALID_HANDLE;
 unsigned long count;
 unsigned a_vals;
 int found = 0, ret;
@@ -1952,9 +1952,9 @@ find_obj_url_cb(struct ck_function_list *module, struct pkcs11_session_info *sin
 goto cleanup;
 }
- if (pkcs11_find_objects(sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK &&
+ if (pkcs11_find_objects(sinfo->module, sinfo->pks, &objx, 1, &count) == CKR_OK &&
 count == 1) {
- ret = pkcs11_import_object(obj, class, sinfo, tinfo, lib_info, find_data->obj);
+ ret = pkcs11_import_object(objx, class, sinfo, tinfo, lib_info, find_data->obj);
 if (ret >= 0) {
 found = 1;
 }
@@ -1973,15 +1973,15 @@ find_obj_url_cb(struct ck_function_list *module, struct pkcs11_session_info *sin
 cleanup:
 pkcs11_find_objects_final(sinfo);
- if (ret == 0 && find_data->overwrite_exts && find_data->obj->raw.size > 0) {
+ if (ret == 0 && find_data->overwrite_exts && find_data->obj->raw.size > 0 && objx != CK_INVALID_HANDLE) {
 gnutls_datum_t spki;
- rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, obj, CKA_PUBLIC_KEY_INFO, &spki);
+ rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, objx, CKA_PUBLIC_KEY_INFO, &spki);
 if (rv == CKR_OK) {
 ret = pkcs11_override_cert_exts(sinfo, &spki, &find_data->obj->raw);
 gnutls_free(spki.data);
 if (ret < 0) {
 gnutls_assert();
- goto cleanup;
+ return ret;
 }
 }
 }
|
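Review bot: The `objx != CK_INVALID_HANDLE` test added in the last hunk is only meaningful if objx is left untouched whenever the lookup in the second hunk yields nothing, yet the handle slot is passed to pkcs11_find_objects() and is never reset when that call fails or reports a count other than 1. A module that writes the slot before returning would leave a value that passes the test, so resetting it on the non-matching path, for instance `else objx = CK_INVALID_HANDLE;` after the `count == 1` block, keeps the sentinel reliable without trusting the module. The end of that if statement and any enclosing loop lie outside the hunk, so where exactly the reset belongs needs checking against the full function.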
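Review bot: In the third hunk any return value other than CKR_OK from pkcs11_get_attribute_avalue() is dropped: the override is skipped, ret stays 0, and a caller that set overwrite_exts cannot tell that the certificate's own extensions were left in place. A token that simply lacks CKA_PUBLIC_KEY_INFO is presumably the expected case, but a device or session error takes the same silent path. If failing open is intended, a comment such as `/* no CKA_PUBLIC_KEY_INFO on this object: extensions are left as stored */` should say so; otherwise an `else { gnutls_assert(); }` branch at least records the failure, and the maintainers can decide which rv values ought to become an error. What happens to ret after this block is outside the hunk.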