From f51ab92f5f81bd08bcf9bd3b0afc545684a6ea7e Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Wed, 27 Sep 2017 17:29:58 +0200
Subject: rpc: Fix crash when retrieving attribute length

It is possible that NULL is given to the serializers, when C_GetAttributeValue() just wants to know the size of an attribute. Previously, this resulted in giving NULL to memcpy().
---
 p11-kit/test-rpc.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'p11-kit/test-rpc.c')

diff --git a/p11-kit/test-rpc.c b/p11-kit/test-rpc.c
index 7c563cf..09f30e0 100644
--- a/p11-kit/test-rpc.c
+++ b/p11-kit/test-rpc.c
@@ -633,6 +633,33 @@ test_mechanism_value (void)
 p11_rpc_mechanisms_override_supported = mechanisms;
 }
 
+static void
+test_message_write (void)
+{
+ p11_rpc_message msg;
+ p11_buffer buffer;
+ CK_BBOOL truev = CK_TRUE;
+ CK_ULONG zerov = (CK_ULONG)0;
+ char labelv[] = "label";
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_MODIFIABLE, &truev, sizeof (truev) },
+ { CKA_LABEL, labelv, sizeof (labelv) },
+ /* These are cases when C_GetAttributeValue is called
+ * to obtain the length */
+ { CKA_COPYABLE, NULL, sizeof (truev) },
+ { CKA_BITS_PER_PIXEL, NULL, sizeof (zerov) }
+ };
+ bool ret;
+
+ ret = p11_buffer_init (&buffer, 0);
+ assert_num_eq (true, ret);
+ p11_rpc_message_init (&msg, &buffer, &buffer);
+ ret = p11_rpc_message_write_attribute_array (&msg, attrs, ELEMS(attrs));
+ assert_num_eq (true, ret);
+ p11_rpc_message_clear (&msg);
+ p11_buffer_uninit (&buffer);
+}
+
 static p11_virtual base;
 static unsigned int rpc_initialized = 0;
 
@@ -1324,6 +1351,7 @@ main (int argc,
 p11_test (test_date_value, "/rpc/date-value");
 p11_test (test_byte_array_value, "/rpc/byte-array-value");
 p11_test (test_mechanism_value, "/rpc/mechanism-value");
+ p11_test (test_message_write, "/rpc/message-write");
 p11_test (test_initialize_fails_on_client, "/rpc/initialize-fails-on-client");
 p11_test (test_initialize_fails_on_server, "/rpc/initialize-fails-on-server");
 
-- 
cgit v1.1
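Review bot: In `test_message_write`, the `attrs[]` table passes a NULL `pValue` only for `CKA_COPYABLE` and `CKA_BITS_PER_PIXEL`, so the length-query path is exercised for what are presumably just the boolean and unsigned-long serializers; `CKA_LABEL` always carries a buffer here, and the date, byte-array and mechanism serializers that this file tests elsewhere get no NULL entry. Since the crash was a NULL source handed to memcpy(), each serializer deserves a NULL case, e.g. `{ CKA_LABEL, NULL, sizeof (labelv) },` and `{ CKA_START_DATE, NULL, sizeof (CK_DATE) },`. The test also asserts only the return value of `p11_rpc_message_write_attribute_array`; decoding the buffer and checking that the NULL entries come back with their length and no value would catch a serializer that avoids the crash but writes the wrong bytes. Whether the other serializers already guard against NULL cannot be seen from this page, which is limited to test-rpc.c.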