Hi,

On Sun, 2020-07-19 at 22:33 -0400, Guillaume Amringer wrote:
> The extension is currently hosted here:
> https://github.com/gamringer/php-pkcs11

I scrolled over it without much attention (thus probably missed other
issues); a few comments on this line I noticed:

 pSlotList = (CK_SLOT_ID_PTR) malloc(ulSlotCount * sizeof(CK_SLOT_ID));
 https://github.com/gamringer/php-pkcs11/blob/master/pkcs11.c#L300

   1. The return value of malloc() is not checked. If the system runs out
      of memory (OOM) or for some other reason can't return a memory block
      this will return NULL and then lead to undefined behavior later.
      (unlikely on today's systems, but might happen)
   2. emalloc should be used instead of malloc. For one it counts towards
      PHP's memory_limit, then it also ensures the memory is freed if
      something weird happens by the end of the request, thus reduces risk
      of memory leaks and it fixes point 1. by terminating the request in
      an OOM situation.
   3. ulSlotCount * sizeof(CK_SLOT_ID) could eventually overflow. Better
      use
          safe_emalloc(ulSlotCount, sizeof(CK_SLOT_ID), 0)
      this calculates
          ulSlotCount * sizeof(CK_SLOT_ID) + 0
      in an overflow-safe way and errors out in case of a problem.

johannes

-- 
PECL development discussion Mailing List (https://pecl.php.net/)
To unsubscribe, visit: https://www.php.net/unsub.php
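
The wrap-around behind point 3, shown as an added stand-alone C example (not code from the message, from php-pkcs11 or from PHP): `slot_id_t`, `naive_request_size`, `checked_request_size` and `checked_alloc_array` are hypothetical names, and the helper only mirrors the `count * size + offset` check described above, returning NULL where `safe_emalloc` errors out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the PKCS#11 typedef (CK_SLOT_ID is an unsigned long). */
typedef unsigned long slot_id_t;

/* Byte count the unchecked expression `count * size` hands to malloc().
 * size_t arithmetic is modular, so a large count wraps silently. */
size_t naive_request_size(size_t count, size_t size)
{
    return count * size;
}

/* Compute count * size + offset. Returns 0 and sets *out on success,
 * -1 when the mathematical result does not fit in size_t. */
int checked_request_size(size_t count, size_t size, size_t offset, size_t *out)
{
    if (size != 0 && count > (SIZE_MAX - offset) / size)
        return -1;
    *out = count * size + offset;
    return 0;
}

/* Hypothetical helper: refuse the allocation on overflow. */
void *checked_alloc_array(size_t count, size_t size, size_t offset)
{
    size_t bytes;
    if (checked_request_size(count, size, offset, &bytes) != 0)
        return NULL;
    return malloc(bytes); /* can still be NULL on OOM: caller must check */
}

int main(void)
{
    /* Constructed count: one more than fits, so the product wraps to 0. */
    size_t huge = SIZE_MAX / sizeof(slot_id_t) + 1;
    void *p = checked_alloc_array(huge, sizeof(slot_id_t), 0);

    printf("naive request for %zu elements: %zu bytes\n",
           huge, naive_request_size(huge, sizeof(slot_id_t)));
    printf("checked allocation: %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```

With the unchecked form the allocator is asked for far fewer bytes than the caller goes on to use, which is why the check belongs before the allocation rather than after it.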
