[Pcsclite-cvs-commit] PKCS11/src p11x_object.c,1.41,1.42
rousseau@quantz.debian.org
rousseau@quantz.debian.org
Fri, 28 Nov 2003 10:47:15 +0100
Update of /cvsroot/muscleapps/PKCS11/src
In directory quantz:/tmp/cvs-serv4908
Modified Files:
p11x_object.c
Log Message:
be sure the dynamically allocated buffer is large enough. Thanks to Ulf
Möller.
Index: p11x_object.c
===================================================================
RCS file: /cvsroot/muscleapps/PKCS11/src/p11x_object.c,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- p11x_object.c 26 Nov 2003 20:36:23 -0000 1.41
+++ p11x_object.c 28 Nov 2003 09:47:13 -0000 1.42
@@ -712,7 +712,14 @@
{
{
CK_BYTE *buf;
- buf = (CK_BYTE *)malloc((attrib->ulValueLen * 3) + 1);
+ int len = attrib->ulValueLen;
+
+ /* be sure object_GetAttrib() worked before dereferencing
+ * obj_attrib */
+ if ((rv == CKR_OK) && (obj_attrib->attrib.ulValueLen > len))
+ len = obj_attrib->attrib.ulValueLen;
+
+ buf = (CK_BYTE *)malloc((len * 3) + 1);
if (buf == NULL)
return CKR_HOST_MEMORY;
object_BinToHex((CK_BYTE *)forward, attrib->ulValueLen, buf);