Check if attribute value can be read
jariq opened this issue · 0 comments
jariq commented
PKCS#11 v2.20 states on page 133:
If the specified attribute (i.e., the attribute specified by the type field) for the object cannot be revealed because the object is sensitive or unextractable, then the
ulValueLen
field in that triple is modified to hold the value-1
(i.e., when it is cast to aCK_LONG
, it holds-1
).
PKCS11-LOGGER does not seem to be checking for this case and as a result might crash when trying to allocate huge buffer:
0x0000053c : 0x00003b0c : Attribute: 17 (CKA_VALUE)
0x0000053c : 0x00003b0c : pValue: 000001CE9C210A60
0x0000053c : 0x00003b0c : ulValueLen: 4294967295
*** crash ***