Hi,

On Tue, 09 May 2006 at 14:10 +0200, Nils Larsch wrote:
> Albert Solana wrote:
> > Hi,
> > 
> > I think I've found a bug on OpenSC. Whenever I look for any certificate
> > on a smart card, searching by its subject, OpenSC returns no matches and
> > I have 3 certificates on it! 
> > 
> > I've found that the asn1_sequence_wrapper function returns a greater
> > attribute buffer size than it should.
> > 
> > I attach a patch created against 2941 revision that works for me. 
> > 
> > Could anyone test it and, if it's correct, apply it to OpenSC code?
> ...
> > Index: src/pkcs11/framework-pkcs15.c
> > ===================================================================
> > --- src/pkcs11/framework-pkcs15.c   (revision 2941)
> > +++ src/pkcs11/framework-pkcs15.c   (working copy)
> > @@ -2478,7 +2478,7 @@
> >     size_t          len2;
> >  
> >     len2 = len;
> > -   check_attribute_buffer(attr, len + 1 + sizeof(len));
> > +   check_attribute_buffer(attr, len + 1 + 1);
> >  
> >     dest = (u8 *) attr->pValue;
> >     *dest++ = 0x30; /* SEQUENCE tag */
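Review bot: The replacement size `len + 1 + 1` on the changed line reserves exactly one byte for the DER length, which is only enough while len <= 127. For longer values the length is written as 0x80|n followed by n length bytes, so the size checked here would be smaller than what the SEQUENCE header plus value occupies. Suggest deriving the number of length bytes from len instead of using a constant.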
> 
> I don't think your patch will work if we have "len > 127" as in
> this case the length of the value part of the sequence is encoded
> in more than one byte. The current code uses sizeof(len) == sizeof(size_t)
> as an upper bound for the length needed for the length bytes of the
> sequence (note: this is actually wrong as in case of, for example,
> 0x11223344 we need an additional fifth byte 0x84 for number of length
> bytes ...) a better solution would be to calculate the exact number
> of bytes needed for the length encoding, i.e. something like
> (untested !!):

Ok. You're right.
> 
>       size_t lenb = 1;
>       if (len > 127) {
>               unsigned int i = 0;
>               lenb++;         /* number of length bytes */
>               for (i = 0; (len & (0xff << i)) != 0 && (0xff << i) != 0; i++)
>                       lenb++;
>       }
>       check_attribute_buffer(attr, 1 + lenb + len);
> 
> Cheers,
> Nils

I've tested your proposal and it works for me. I attach another patch.

Regards,
-- 
Albert Solana Berengué
[EMAIL PROTECTED]
C3PO, S.L.
http://www.c3po.es
C/Bertran, 113 - 08023 Barcelona
Tel. 93 417 99 55 - Fax. 93 253 12 80
Index: src/pkcs11/framework-pkcs15.c
===================================================================
--- src/pkcs11/framework-pkcs15.c	(revision 2941)
+++ src/pkcs11/framework-pkcs15.c	(working copy)
@@ -2478,7 +2478,14 @@
 	size_t		len2;
 
 	len2 = len;
-	check_attribute_buffer(attr, len + 1 + sizeof(len));
+	size_t lenb = 1;
+        if (len > 127) {
+                unsigned int i = 0;
+                lenb++;         /* number of length bytes */
+                for (i = 0; (len & (0xff << i)) != 0 && (0xff << i) != 0; i++)
+                lenb++;
+        }
+        check_attribute_buffer(attr, 1 + lenb + len);
 
 	dest = (u8 *) attr->pValue;
 	*dest++ = 0x30;	/* SEQUENCE tag */
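Review bot: The loop added before check_attribute_buffer shifts the mask by i bits rather than by 8*i, so lenb does not count length bytes. For len = 128 the loop runs eight times and gives lenb = 10; for len = 0x10000 the first test `(len & (0xff << i))` is zero at i = 0, so lenb stays at 2 where the DER header needs four length bytes (0x83 0x01 0x00 0x00), and the size passed to check_attribute_buffer is then too small. In addition, 0xff is an int, so the termination test `(0xff << i) != 0` depends on a shift that overflows int, which is undefined behaviour. Suggest counting by shifting a copy of len, for example `for (tmp = len; tmp != 0; tmp >>= 8) lenb++;`. Style: `size_t lenb = 1;` is declared after the statement `len2 = len;`, so move it up to the other locals, and indent the added lines with tabs like the surrounding context (the `lenb++;` under the for is also not indented).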
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
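The length calculation discussed in this thread, as an added example that is not part of the original messages and is not OpenSC code: it counts the exact number of DER length bytes for a value and uses that count to bound the output buffer before writing the SEQUENCE header. The names `der_length_size` and `der_wrap_sequence` are hypothetical, and the input in `main` is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Bytes needed for the DER definite-form length field of a len-byte value. */
size_t der_length_size(size_t len)
{
	size_t n = 1;		/* short form (0..127), or the 0x80|k lead byte */

	if (len > 127)
		for (; len != 0; len >>= 8)
			n++;	/* one more big-endian length byte */
	return n;
}

/*
 * Wrap len bytes of src in a SEQUENCE (tag 0x30) written to out.
 * Returns the number of bytes written, or 0 if out_size is too small.
 */
size_t der_wrap_sequence(const unsigned char *src, size_t len,
			 unsigned char *out, size_t out_size)
{
	size_t lenb = der_length_size(len), k;
	unsigned char *p = out;

	/* Same bound as 1 + lenb + len, written so it cannot overflow. */
	if (out == NULL || len > out_size || out_size - len < 1 + lenb)
		return 0;

	*p++ = 0x30;				/* SEQUENCE tag */
	if (lenb == 1) {
		*p++ = (unsigned char)len;	/* short form */
	} else {
		k = lenb - 1;			/* number of length bytes */
		*p++ = (unsigned char)(0x80 | k);
		while (k-- > 0)
			*p++ = (unsigned char)(len >> (8 * k));
	}
	if (len != 0)
		memcpy(p, src, len);
	return 1 + lenb + len;
}

int main(void)
{
	unsigned char in[200] = {0}, out[210];	/* constructed sample value */

	/* 200 > 127, so the header is 0x30 0x81 0xC8: 3 + 200 bytes in total */
	return der_wrap_sequence(in, sizeof in, out, sizeof out) == 203 ? 0 : 1;
}
```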
