pkcs11_write: Copy data to avoid double-free crashes and properly encode EC_POINT...
authorJakub Jelen <jjelen@redhat.com>
Fri, 28 Feb 2020 17:40:42 +0000 (18:40 +0100)
committerJakub Jelen <jjelen@redhat.com>
Wed, 18 Mar 2020 08:31:42 +0000 (09:31 +0100)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
lib/pkcs11_write.c

index ab740dcd62ac82e9957ce5f7e04f2ba84c4f3418..3ce794b076ae3a8a8f8029dbb58162d8ee4d8ffd 100644 (file)
@@ -358,7 +358,7 @@ static int add_pubkey(gnutls_pubkey_t pubkey, struct ck_attribute *a, unsigned *
                break;
        }
        case GNUTLS_PK_EDDSA_ED25519: {
-               gnutls_datum_t params;
+               gnutls_datum_t params, ecpoint;
 
                ret =
                    _gnutls_x509_write_ecc_params(pubkey->params.curve,
@@ -373,9 +373,18 @@ static int add_pubkey(gnutls_pubkey_t pubkey, struct ck_attribute *a, unsigned *
                a[*a_val].value_len = params.size;
                (*a_val)++;
 
+               ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING,
+                                                pubkey->params.raw_pub.data,
+                                                pubkey->params.raw_pub.size,
+                                                &ecpoint);
+               if (ret < 0) {
+                       gnutls_assert();
+                       return ret;
+               }
+
                a[*a_val].type = CKA_EC_POINT;
-               a[*a_val].value = pubkey->params.raw_pub.data;
-               a[*a_val].value_len = pubkey->params.raw_pub.size;
+               a[*a_val].value = ecpoint.data;
+               a[*a_val].value_len = ecpoint.size;
                (*a_val)++;
                break;
        }
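Review bot: The new early `return ret;` after a failed `_gnutls_x509_encode_string()` runs after the previous attribute has already been recorded: `params` was stored in `a[]` and `(*a_val)++` executed just above. The encoded curve parameters are therefore freed only if the caller also runs its attribute cleanup when add_pubkey() fails. That caller, and the rest of add_pubkey(), lie outside this hunk, so this should be confirmed; if the caller does not clean up on error, release the buffer here with `gnutls_free(params.data);` before returning and do not leave the entry counted. Ownership of the new buffer also deserves a comment above the assignment, for example `/* CKA_EC_POINT must be a DER OCTET STRING; ecpoint.data is allocated here and is freed together with the attribute array, never through pubkey->params */`. Without that, the aliasing of `raw_pub.data` that this commit removes could easily be reintroduced.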