[gnutls-devel] GnuTLS | Fix matching of last key of a pkcs#11 token (!1560)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Mar 21 10:27:39 CET 2022




Daiki Ueno started a new discussion on lib/pkcs11.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1560#note_881711609

>  		}
>  
>  		if (current > list->key_ids_size)
>  			break;

I suspect this condition might have an off-by-one error (and might potentially cause out-of-bound write to `list->key_ids` array in a hypothetical case, i.e., the second C_FindObjects returns more results than the first call does).

To make the loop invariant clear, maybe it could be merged into the `while` condition above, something like:
```c
	while (pkcs11_find_objects
	       (sinfo->module, sinfo->pks, &ctx, 1, &count) == CKR_OK
	       && count == 1
               && current < list->key_ids_size) {
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1560#note_881711609
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220321/839b9791/attachment.html>


More information about the Gnutls-devel mailing list