1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
https://bugs.gentoo.org/909781
https://github.com/OpenSC/OpenSC/pull/2765
From 36178c8188521f2627d2eea428a7e53d149eed58 Mon Sep 17 00:00:00 2001
From: Peter Popovec <popovec.peter@gmail.com>
Date: Fri, 28 Apr 2023 10:50:25 +0200
Subject: [PATCH] Fix pkcs11-tool unwrap / incorrect CKA_ID
"object_id[]" and "id_len" must be allocated so that it is not deallocated
or overwritten (on the stack) at the time of the C_UnwrapKey() call.
modified: src/tools/pkcs11-tool.c
---
src/tools/pkcs11-tool.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 890ca27060..f3a01ab4cf 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -3347,6 +3347,8 @@ unwrap_key(CK_SESSION_HANDLE session)
{CKA_CLASS, &secret_key_class, sizeof(secret_key_class)},
{CKA_TOKEN, &_true, sizeof(_true)},
};
+ CK_BYTE object_id[100];
+ size_t id_len;
CK_OBJECT_HANDLE hSecretKey;
int n_attr = 2;
CK_RV rv;
@@ -3450,9 +3452,6 @@ unwrap_key(CK_SESSION_HANDLE session)
}
if (opt_application_id != NULL) {
- CK_BYTE object_id[100];
- size_t id_len;
-
id_len = sizeof(object_id);
if (!sc_hex_to_bin(opt_application_id, object_id, &id_len)) {
FILL_ATTR(keyTemplate[n_attr], CKA_ID, object_id, id_len);
|