File yubico-piv-tool-2.3.0-use-after-free.patch of Package yubico-piv-tool
From 07d280a83f5145017de4ebf6a2af21658e22fddf Mon Sep 17 00:00:00 2001 From: Veronika Hanulikova <vhanulik@redhat.com> Date: Wed, 2 Mar 2022 10:32:48 +0100 Subject: [PATCH] Fix use after free Causes errors "may be used after 'free'", since `dec` is not allocated again after `free()`. Also, removed assigning of `sizeof(dec)`, because `dec` is not static array, but allocated. --- ykcs11/tests/ykcs11_tests_util.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ykcs11/tests/ykcs11_tests_util.c b/ykcs11/tests/ykcs11_tests_util.c index e63091e9..530d9028 100644 --- a/ykcs11/tests/ykcs11_tests_util.c +++ b/ykcs11/tests/ykcs11_tests_util.c @@ -1193,7 +1193,7 @@ void test_rsa_decrypt(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_ CK_BYTE* data; CK_BYTE enc[512] = {0}; CK_BYTE* dec; - CK_ULONG dec_len; + CK_ULONG dec_len, dec_len_backup; if(padding == RSA_NO_PADDING) { data_len = RSA_size(rsak); @@ -1228,12 +1228,14 @@ void test_rsa_decrypt(CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE session, CK_ // Decrypt Update asrt(funcs->C_DecryptInit(session, &mech, obj_pvtkey[i]), CKR_OK, "DECRYPT INIT"); asrt(funcs->C_Login(session, CKU_CONTEXT_SPECIFIC, (CK_CHAR_PTR)"123456", 6), CKR_OK, "Re-Login USER"); - dec_len = sizeof(dec); + dec = malloc(dec_len); + dec_len_backup = dec_len; asrt(funcs->C_DecryptUpdate(session, enc, 100, dec, &dec_len), CKR_OK, "DECRYPT UPDATE"); - dec_len = sizeof(dec); + dec_len = dec_len_backup; asrt(funcs->C_DecryptUpdate(session, enc+100, 8, dec, &dec_len), CKR_OK, "DECRYPT UPDATE"); - dec_len = sizeof(dec); + dec_len = dec_len_backup; asrt(funcs->C_DecryptUpdate(session, enc+108, 20, dec, &dec_len), CKR_OK, "DECRYPT UPDATE"); + free(dec); dec_len = 0; asrt(funcs->C_DecryptFinal(session, NULL, &dec_len), CKR_OK, "DECRYPT FINAL"); dec = malloc(dec_len);
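Review bot: in the declarations hunk at @@ -1193,7, `dec_len_backup` is added uninitialised next to `dec_len`, and `CK_BYTE* dec;` is still left uninitialised. The new variable holds the buffer capacity rather than a backup, so a name such as `dec_cap`, assigned once where the buffer is allocated, would read more clearly. Initialising `dec` to NULL at declaration would also make any free-before-allocate path harmless.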
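Review bot: in the hunk at @@ -1228,12, `dec = malloc(dec_len);` sizes the buffer from whatever `dec_len` happens to hold at that point, and nothing in the visible lines assigns it before the call; the pointer is then passed to C_DecryptUpdate without a NULL check. Set the capacity explicitly before allocating (from the size the test actually intends, such as the size of `enc`), fail the test if malloc returns NULL, and set `dec = NULL` after the added `free(dec);` so that any use before the `dec = malloc(dec_len);` that follows C_DecryptFinal is caught instead of touching freed memory.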