diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-12-16 05:34:54 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-12-16 05:34:54 +0000 |
commit | 0b03bec946b28cb60d71e647d1597322689e8bb0 (patch) | |
tree | 6437e6b0888fafe69bd537f84be3b373afa54ecb /lib | |
parent | 460cd7e92818c14d4bd03331111db41c7bfccdff (diff) | |
parent | 26209fff5bce1bf3c9952c005f1ac726f3f4ebd4 (diff) | |
download | gnutls-0b03bec946b28cb60d71e647d1597322689e8bb0.tar.gz |
Merge branch 'fix-token-info-modname' into 'master'
Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak
See merge request gnutls/gnutls!827
Diffstat (limited to 'lib')
-rw-r--r-- | lib/pkcs11.c | 47 |
1 files changed, 36 insertions, 11 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 1a335ea959..c974565830 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -612,12 +612,17 @@ gnutls_pkcs11_obj_set_info(gnutls_pkcs11_obj_t obj, * @obj: should contain a #gnutls_pkcs11_obj_t type * @itype: Denotes the type of information requested * @output: where output will be stored - * @output_size: contains the maximum size of the output and will be overwritten with actual + * @output_size: contains the maximum size of the output buffer and will be + * overwritten with the actual size. * * This function will return information about the PKCS11 certificate * such as the label, id as well as token information where the key is - * stored. When output is text it returns null terminated string - * although @output_size contains the size of the actual data only. + * stored. + * + * When output is text, a null terminated string is written to @output and its + * string length is written to @output_size (without null terminator). If the + * buffer is too small, @output_size will contain the expected buffer size + * (with null terminator for text) and return %GNUTLS_E_SHORT_MEMORY_BUFFER. * * In versions previously to 3.6.0 this function included the null terminator * to @output_size. After 3.6.0 the output size doesn't include the terminator character. @@ -2447,11 +2452,17 @@ gnutls_pkcs11_token_get_url(unsigned int seq, * @url: should contain a PKCS 11 URL * @ttype: Denotes the type of information requested * @output: where output will be stored - * @output_size: contains the maximum size of the output and will be overwritten with actual + * @output_size: contains the maximum size of the output buffer and will be + * overwritten with the actual size. * * This function will return information about the PKCS 11 token such * as the label, id, etc. * + * When output is text, a null terminated string is written to @output and its + * string length is written to @output_size (without null terminator). If the + * buffer is too small, @output_size will contain the expected buffer size + * (with null terminator for text) and return %GNUTLS_E_SHORT_MEMORY_BUFFER. + * * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code * on error. * @@ -2465,6 +2476,7 @@ gnutls_pkcs11_token_get_info(const char *url, struct p11_kit_uri *info = NULL; const uint8_t *str; size_t str_max; + char *temp_str = NULL; size_t len; int ret; @@ -2505,10 +2517,14 @@ gnutls_pkcs11_token_get_info(const char *url, goto cleanup; } - snprintf(output, *output_size, "%s", tn.modname); - *output_size = strlen(output); - ret = 0; - goto cleanup; + temp_str = tn.modname; + if (temp_str == NULL) { + gnutls_assert(); + str_max = 0; + } else { + str = (uint8_t *)temp_str; + } + break; } default: gnutls_assert(); @@ -2516,14 +2532,21 @@ gnutls_pkcs11_token_get_info(const char *url, goto cleanup; } - len = p11_kit_space_strlen(str, str_max); + if (temp_str) + len = strlen(temp_str); + else if (str_max == 0) + len = 0; + else + len = p11_kit_space_strlen(str, str_max); if (len + 1 > *output_size) { *output_size = len + 1; - return GNUTLS_E_SHORT_MEMORY_BUFFER; + ret = GNUTLS_E_SHORT_MEMORY_BUFFER; + goto cleanup; } - memcpy(output, str, len); + if (len) + memcpy(output, str, len); ((char *) output)[len] = '\0'; *output_size = len; @@ -2531,6 +2554,7 @@ gnutls_pkcs11_token_get_info(const char *url, ret = 0; cleanup: + free(temp_str); p11_kit_uri_free(info); return ret; } @@ -2584,6 +2608,7 @@ gnutls_pkcs11_token_get_ptr(const char *url, void **ptr, unsigned long *slot_id, ret = 0; cleanup: + free(tn.modname); p11_kit_uri_free(info); return ret; } |