* In key_mgr_unwrap_key(), don't use key_obj to check
   h_unwrapping_key validity, as it could be incorrectly
   free()'ed later in case of error.

 * Just to be safe, make the object_mgr_find_in_map1() function set
   the object pointer *ptr to NULL if the function fails.

Signed-off-by: Klaus Heinrich Kiwi <[email protected]>
---
 usr/lib/pkcs11/common/key_mgr.c |    4 ++--
 usr/lib/pkcs11/common/obj_mgr.c |    3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/usr/lib/pkcs11/common/key_mgr.c b/usr/lib/pkcs11/common/key_mgr.c
index 3759907..8f87b84 100755
--- a/usr/lib/pkcs11/common/key_mgr.c
+++ b/usr/lib/pkcs11/common/key_mgr.c
@@ -1039,7 +1039,7 @@ key_mgr_unwrap_key( SESSION           * sess,
                     CK_OBJECT_HANDLE  * h_unwrapped_key )
 {
    ENCR_DECR_CONTEXT * ctx = NULL;
-   OBJECT            * key_obj = NULL;
+   OBJECT            * key_obj = NULL, * tmp_obj = NULL;
    CK_BYTE           * data = NULL;
    CK_ULONG            data_len;
    CK_ULONG            keyclass, keytype;
@@ -1053,7 +1053,7 @@ key_mgr_unwrap_key( SESSION           * sess,
       return CKR_FUNCTION_FAILED;
    }
 
-   rc = object_mgr_find_in_map1( h_unwrapping_key, &key_obj );
+   rc = object_mgr_find_in_map1( h_unwrapping_key, &tmp_obj );
    if (rc != CKR_OK){
       st_err_log(62, __FILE__, __LINE__);
       return CKR_WRAPPING_KEY_HANDLE_INVALID;
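Review bot: tmp_obj is filled in by the changed object_mgr_find_in_map1() call and never read again within this hunk, so nothing tells a later maintainer why it must stay separate from key_obj. A why-comment above the call would prevent the two from being merged back, for example `// lookup only validates the handle; tmp_obj is not ours to free, so keep it out of key_obj`. The error path that frees key_obj lies outside the hunk, as does the rest of key_mgr_unwrap_key(). It is worth confirming that no statement further down still reads key_obj expecting the unwrapping key, since key_obj now stays NULL until it is assigned there.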
diff --git a/usr/lib/pkcs11/common/obj_mgr.c b/usr/lib/pkcs11/common/obj_mgr.c
index d0432c7..f7eecbc 100755
--- a/usr/lib/pkcs11/common/obj_mgr.c
+++ b/usr/lib/pkcs11/common/obj_mgr.c
@@ -1258,6 +1258,9 @@ object_mgr_find_in_map1( CK_OBJECT_HANDLE    handle,
       return CKR_FUNCTION_FAILED;
    }
 
+   // Initialize *ptr to NULL in case we return in error
+   *ptr = NULL;
+
    if (!handle){
       st_err_log(30, __FILE__, __LINE__);
       return CKR_OBJECT_HANDLE_INVALID;
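Review bot: The added `*ptr = NULL;` comes after the early `return CKR_FUNCTION_FAILED;` at the top of the hunk, so on that path the caller's pointer is left as it was. That guard begins outside the hunk and is presumably the NULL check on `ptr` itself, in which case the store cannot happen earlier, but this should be confirmed. The comment would be more useful if it stated the contract rather than the mechanism, e.g. `// Contract: on any failure below, *ptr is NULL so callers never see a stale object pointer`. The same guarantee belongs in the function's header comment, which is not visible here. Callers should still decide on the return code, not on *ptr.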
-- 
1.7.2

