diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2018-11-29 18:21:22 +0100 |
|---|---|---|
| committer | Peter Wu <peter@lekensteyn.nl> | 2018-12-13 17:26:26 +0100 |
| commit | e32724e3924da84374165b4841cc83dc3fc39351 (patch) | |
| tree | f594f198de86f1b03b50d2d3144029987b8a8845 | |
| parent | 571d037cc17fdf9434ad7504a0ca3fd1d010537a (diff) | |
| download | gnutls-e32724e3924da84374165b4841cc83dc3fc39351.tar.gz | |
pkcs11: fix memleak when querying for GNUTLS_PKCS11_TOKEN_MODNAME
find_token_modname_cb uses p11_kit_config_option to retrieve the module
name, but its return value must be free'd.
Other fixes:
- Do not silently truncate the output buffer, return an error instead.
- If the module name is unavailable, do not write "(null)" to the
output. Write an empty string instead.
- The module path can be of arbitrary length, so passing output=NULL to
learn the length seems reasonable, except that snprintf crashed on a
NULL pointer dereference.
Fixes: 241f9f0b1 ("Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info")
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
| -rw-r--r-- | lib/pkcs11.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 3b81aa4dd2..0a322bc360 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -2476,6 +2476,7 @@ gnutls_pkcs11_token_get_info(const char *url, struct p11_kit_uri *info = NULL; const uint8_t *str; size_t str_max; + char *temp_str = NULL; size_t len; int ret; @@ -2516,10 +2517,14 @@ gnutls_pkcs11_token_get_info(const char *url, goto cleanup; } - snprintf(output, *output_size, "%s", tn.modname); - *output_size = strlen(output); - ret = 0; - goto cleanup; + temp_str = tn.modname; + if (temp_str == NULL) { + gnutls_assert(); + str_max = 0; + } else { + str = (uint8_t *)temp_str; + } + break; } default: gnutls_assert(); @@ -2527,14 +2532,21 @@ gnutls_pkcs11_token_get_info(const char *url, goto cleanup; } - len = p11_kit_space_strlen(str, str_max); + if (temp_str) + len = strlen(temp_str); + else if (str_max == 0) + len = 0; + else + len = p11_kit_space_strlen(str, str_max); if (len + 1 > *output_size) { *output_size = len + 1; - return GNUTLS_E_SHORT_MEMORY_BUFFER; + ret = GNUTLS_E_SHORT_MEMORY_BUFFER; + goto cleanup; } - memcpy(output, str, len); + if (len) + memcpy(output, str, len); ((char *) output)[len] = '\0'; *output_size = len; @@ -2542,6 +2554,7 @@ gnutls_pkcs11_token_get_info(const char *url, ret = 0; cleanup: + free(temp_str); p11_kit_uri_free(info); return ret; } |