Pkcs11Interop/pkcs11-logger

Check if attribute value can be read

jariq opened this issue · 0 comments

jariq commented

PKCS#11 v2.20 states on page 133:

If the specified attribute (i.e., the attribute specified by the type field) for the object cannot be revealed because the object is sensitive or unextractable, then the ulValueLen field in that triple is modified to hold the value -1 (i.e., when it is cast to a CK_LONG, it holds -1).

PKCS11-LOGGER does not seem to be checking for this case and as a result might crash when trying to allocate a huge buffer:

0x0000053c : 0x00003b0c :    Attribute: 17 (CKA_VALUE)
0x0000053c : 0x00003b0c :    pValue: 000001CE9C210A60
0x0000053c : 0x00003b0c :    ulValueLen: 4294967295
*** crash ***
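
One way to make this check before any buffer is sized from `ulValueLen`, as an added example that is not pkcs11-logger's own code. The type definitions are minimal stand-ins for `pkcs11t.h`, and `attr_value_to_text` and its marker strings are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-ins for the pkcs11t.h definitions so the example builds alone. */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CK_UNAVAILABLE_INFORMATION (~0UL)

/* Hypothetical helper: returns a malloc'd hex dump of the attribute value, or a
 * marker string when there is nothing that may be read. NULL means out of memory. */
char *attr_value_to_text(const CK_ATTRIBUTE *attr)
{
    static const char hex[] = "0123456789ABCDEF";
    const unsigned char *src = attr->pValue;
    const char *marker = NULL;
    /* (CK_ULONG)-1 means "cannot be revealed"; it is not a byte count. */
    if (attr->ulValueLen == CK_UNAVAILABLE_INFORMATION)
        marker = "<unavailable>";
    else if (src == NULL)                              /* length query, no data */
        marker = "<null>";
    else if (attr->ulValueLen > (SIZE_MAX - 1) / 2)    /* 2*len+1 would overflow */
        marker = "<too long>";
    if (marker != NULL) {
        char *copy = malloc(strlen(marker) + 1);
        return copy ? strcpy(copy, marker) : NULL;
    }
    size_t len = attr->ulValueLen;
    char *out = malloc(2 * len + 1);
    if (out == NULL) return NULL;
    for (size_t i = 0; i < len; i++) {
        out[2 * i] = hex[src[i] >> 4];
        out[2 * i + 1] = hex[src[i] & 0x0F];
    }
    out[2 * len] = '\0';
    return out;
}

int main(void)
{
    unsigned char id[] = { 0xDE, 0xAD, 0x01 };                        /* constructed sample */
    CK_ATTRIBUTE plain = { 0x102UL, id, sizeof id };                  /* CKA_ID */
    CK_ATTRIBUTE hidden = { 0x11UL, id, CK_UNAVAILABLE_INFORMATION }; /* CKA_VALUE */
    char *a = attr_value_to_text(&plain), *b = attr_value_to_text(&hidden);
    printf("%s\n%s\n", a ? a : "(oom)", b ? b : "(oom)");
    free(a); free(b);
    return 0;
}
```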