Hello Ludovic, the attached patch prevents access to unallocated memory in pam_pkcs11. This happens during on-line certificate verification, in the case where CRLs are fetched via an HTTP request. Two additional fixes are included. Changes in detail:
* add missing return statement * allocate enough memory to fit http-request * check if complete message was transmitted Regards Andre Zepezauer
Index: common/uri.c
===================================================================
--- common/uri.c (revision 456)
+++ common/uri.c (working copy)
@@ -387,6 +387,7 @@
 if (sock == -1) {
 freeaddrinfo(info);
 set_error("socket() failed: %s", strerror(errno));
+ return -1;
 }
 DBG("connecting...");
 rv = connect(sock, info->ai_addr, info->ai_addrlen);
@@ -397,16 +398,17 @@
 return -1;
 }
 /* send http 1.0 request */
- request = malloc(21 + strlen(uri->http->path) + strlen(uri->http->host));
+ request = malloc(32 + strlen(uri->http->path) + strlen(uri->http->host));
 if (request == NULL) {
 close(sock);
 set_error("not enough free memory available");
 return -1;
 }
 sprintf(request, "GET %s HTTP/1.0\nHost: %s\n\n\n", uri->http->path, uri->http->host);
- rv = send(sock, request, strlen(request), 0);
+ len = strlen(request);
+ rv = send(sock, request, len, 0);
 free(request);
- if (rv <= 0) {
+ if (rv != len) {
 close(sock);
 set_error("send() failed: %s", strerror(errno));
 return -1;
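Review bot: The request buffer is still sized by a hand-counted constant (`32 +`) that is decoupled from the format string and filled with an unbounded `sprintf`, so a later edit to the request line can reintroduce the heap overflow this patch fixes; derive the size from the format text and write with `snprintf`. The new `rv != len` test also treats a short `send()` as a failure and reports `strerror(errno)`, although errno is not set when fewer bytes than requested are accepted; a loop that resends the remainder, as sketched below, avoids the spurious error. `len` is assigned here but its declaration is not in the hunk, and the sketch needs a `sent` counter declared next to it. If `uri->http->host` and `uri->http->path` can originate from a certificate's CRL distribution point (not visible here), rejecting control characters in them before formatting would keep a crafted URI from adding header lines to the request. The enclosing function starts and ends outside the hunk.

```c
/* send http 1.0 request */
/* sizeof of the format text without the two %s counts the fixed bytes plus the NUL */
len = sizeof("GET  HTTP/1.0\nHost: \n\n\n") + strlen(uri->http->path) + strlen(uri->http->host);
request = malloc(len);
/* … unchanged: NULL check on request … */
len = snprintf(request, len, "GET %s HTTP/1.0\nHost: %s\n\n\n", uri->http->path, uri->http->host);
/* send() may accept fewer bytes than asked; keep sending the remainder */
for (sent = 0; sent < len; sent += rv) {
    rv = send(sock, request + sent, len - sent, 0);
    if (rv <= 0)
        break;
}
free(request);
if (sent != len) {
/* … unchanged: close(sock), set_error(), return -1 … */
```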