lib/pkcs11.c: fix dangling pointer in pkcs11_read_pubkey
authorGhadi Elie Rahme <ghadi.rahme@canonical.com>
Tue, 24 Feb 2026 15:57:12 +0000 (15:57 +0000)
committerGhadi Elie Rahme <ghadi.rahme@canonical.com>
Wed, 15 Apr 2026 16:10:41 +0000 (16:10 +0000)
Fixes a dangling pointer affecting CKK_EC_EDWARDS. If _gnutls_pubkey_parse_ecc_eddsa_params
or _gnutls_ecc_curve_get_params fails, the cleanup section is executed, freeing tmpX
and leaving the datum in pobj dangling.

Signed-off-by: Ghadi Elie Rahme <ghadi.rahme@canonical.com>
lib/pkcs11.c

index f9cf273a7147461199ddccb83ea6675e4eb2eed8..9d6fae045add5851c64e31dd60c108bb3a791f4a 100644 (file)
@@ -1976,17 +1976,11 @@ int pkcs11_read_pubkey(struct ck_function_list *module, ck_session_handle_t pks,
                    CKR_OK) {
                        gnutls_ecc_curve_t curve;
                        const gnutls_ecc_curve_entry_st *ce;
+                       gnutls_datum_t temp_datum = { a[0].value,
+                                                     a[0].value_len };
 
-                       pobj->pubkey[0].data = a[0].value;
-                       pobj->pubkey[0].size = a[0].value_len;
-
-                       pobj->pubkey[1].data = a[1].value;
-                       pobj->pubkey[1].size = a[1].value_len;
-
-                       pobj->pubkey_size = 2;
-
-                       ret = _gnutls_pubkey_parse_ecc_eddsa_params(
-                               &pobj->pubkey[0], &curve);
+                       ret = _gnutls_pubkey_parse_ecc_eddsa_params(&temp_datum,
+                                                                   &curve);
                        if (ret < 0) {
                                ret = GNUTLS_E_INVALID_REQUEST;
                                goto cleanup;
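Review bot: The positional initializer for `temp_datum` on the added lines depends on the field order of `gnutls_datum_t` and implicitly converts `a[0].value_len` to the datum's size type, which is probably narrower than the PKCS#11 attribute length (inferred; both declarations are outside this hunk). Designated fields would make the intent explicit and survive a reordering of the struct: `gnutls_datum_t temp_datum = { .data = a[0].value, .size = a[0].value_len };`. Declaring it `const` would also document that the parser only reads the token-supplied parameters, provided its prototype takes a const pointer. The body of pkcs11_read_pubkey starts and ends outside the hunk.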
@@ -1996,6 +1990,11 @@ int pkcs11_read_pubkey(struct ck_function_list *module, ck_session_handle_t pks,
                                ret = GNUTLS_E_INVALID_REQUEST;
                                goto cleanup;
                        }
+                       pobj->pubkey[0].data = a[0].value;
+                       pobj->pubkey[0].size = a[0].value_len;
+                       pobj->pubkey[1].data = a[1].value;
+                       pobj->pubkey[1].size = a[1].value_len;
+                       pobj->pubkey_size = 2;
                        pobj->pk_algorithm = ce->pk;
                } else {
                        gnutls_assert();
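Review bot: Nothing at the relocated assignments records that their position is what keeps the error paths safe, so a later fallible call added below them would bring the dangling pointer back. A short comment above `pobj->pubkey[0].data = a[0].value;` would help, for example `/* pobj takes the tmp buffers only after the last goto cleanup; cleanup frees them */`. That the cleanup label frees the buffers comes from the commit message; the label and the success return are outside this hunk, so this reading is inferred. The other key-type branches of pkcs11_read_pubkey are not visible here and may deserve the same check.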