Message ID | 20230110131947.59552-1-frank@lichtenheld.com |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel] xkey_pkcs11h_sign: fix dangling pointer | expand |
Hi, On Tue, Jan 10, 2023 at 8:21 AM Frank Lichtenheld <frank@lichtenheld.com> wrote: > Warning by GCC 12: > pkcs11_openssl.c:237:22: warning: > dangling pointer ‘tbs’ to ‘enc’ may be used [-Wdangling-pointer=] > > Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> > --- > src/openvpn/pkcs11_openssl.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c > index 60bc1c47..ecf37ba0 100644 > --- a/src/openvpn/pkcs11_openssl.c > +++ b/src/openvpn/pkcs11_openssl.c > @@ -169,6 +169,9 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, > unsigned char buf[EVP_MAX_MD_SIZE]; > size_t buflen; > > + unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough for > DigestInfo header */ > + size_t enc_len = sizeof(enc); > + > if (!strcmp(sigalg.op, "DigestSign")) > { > msg(D_XKEY, "xkey_pkcs11h_sign: computing digest"); > @@ -214,9 +217,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, > { > /* CMA_RSA_PKCS needs pkcs1 encoded digest */ > > - unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough > for DigestInfo header */ > - size_t enc_len = sizeof(enc); > - > if (!encode_pkcs1(enc, &enc_len, sigalg.mdname, tbs, tbslen)) > { > return 0; > I can't believe I wrote that nonsense in the first place. Fortunately similar code in xkey_management_sign() is okay. Hard to catch in tests as the pointer may still point to the right data after going out of scope (dangling). Acked-by: Selva Nair <selva.nair@gmail.com> Selva
Haven't tested this beyond "does it compile on Github?" - it looks correct, though :-) Your patch has been applied to the master branch. commit 202b34da386c8574692111bad23814602d0e09f5 (master) commit 71f3a109f9f73f0d978f58e08caed896c064767f (release/2.6) Author: Frank Lichtenheld Date: Tue Jan 10 14:19:47 2023 +0100 xkey_pkcs11h_sign: fix dangling pointer Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Selva Nair <selva.nair@gmail.com> Message-Id: <20230110131947.59552-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25942.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c index 60bc1c47..ecf37ba0 100644 --- a/src/openvpn/pkcs11_openssl.c +++ b/src/openvpn/pkcs11_openssl.c @@ -169,6 +169,9 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, unsigned char buf[EVP_MAX_MD_SIZE]; size_t buflen; + unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough for DigestInfo header */ + size_t enc_len = sizeof(enc); + if (!strcmp(sigalg.op, "DigestSign")) { msg(D_XKEY, "xkey_pkcs11h_sign: computing digest"); @@ -214,9 +217,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, { /* CMA_RSA_PKCS needs pkcs1 encoded digest */ - unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough for DigestInfo header */ - size_t enc_len = sizeof(enc); - if (!encode_pkcs1(enc, &enc_len, sigalg.mdname, tbs, tbslen)) { return 0;
Warning by GCC 12: pkcs11_openssl.c:237:22: warning: dangling pointer ‘tbs’ to ‘enc’ may be used [-Wdangling-pointer=] Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> --- src/openvpn/pkcs11_openssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)