Hi, On Sun, 2020-07-19 at 22:33 -0400, Guillaume Amringer wrote: > The extension is currently hosted here: > https://github.com/gamringer/php-pkcs11
I scrolled over it without much attention (thus probably missed other issues) a few comments to this line I noticed: pSlotList = (CK_SLOT_ID_PTR) malloc(ulSlotCount * sizeof(CK_SLOT_ID)); https://github.com/gamringer/php-pkcs11/blob/master/pkcs11.c#L300 1. The return value of malloc() is not checked. If the system runs out of memory (OOM) or for some other reason can't return a memory block this will return NULL and then lead to undefined behavior later. (unlikely on today's systems, but might happen) 2. emalloc should be used instead of malloc. For one it counts towards PHP's memory_limit, ten it also ensures the memory is freed if something weird happens by the end of the request, thus reduces risk of memory leaks and it fixes point 1. by terminating the request in an OOM situation. 3. ulSlotCount * sizeof(CK_SLOT_ID) could eventually overflow. Better use safe_emalloc(ulSlotCount, sizeof(CK_SLOT_ID), 0) this calculates ulSlotCount * sizeof(CK_SLOT_ID) + 0 in a overflow-safe way and errors out in case of a problem. johannes -- PECL development discussion Mailing List (https://pecl.php.net/) To unsubscribe, visit: https://www.php.net/unsub.php
