diff mbox series

[Openvpn-devel] xkey_pkcs11h_sign: fix dangling pointer

Message ID 20230110131947.59552-1-frank@lichtenheld.com
State Accepted
Headers show
Series [Openvpn-devel] xkey_pkcs11h_sign: fix dangling pointer | expand

Commit Message

Frank Lichtenheld Jan. 10, 2023, 1:19 p.m. UTC 
Warning by GCC 12:
pkcs11_openssl.c:237:22: warning:
dangling pointer ‘tbs’ to ‘enc’ may be used [-Wdangling-pointer=]

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
---
 src/openvpn/pkcs11_openssl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Selva Nair Jan. 10, 2023, 5:47 p.m. UTC | #1 
Hi,

On Tue, Jan 10, 2023 at 8:21 AM Frank Lichtenheld <frank@lichtenheld.com>
wrote:

> Warning by GCC 12:
> pkcs11_openssl.c:237:22: warning:
> dangling pointer ‘tbs’ to ‘enc’ may be used [-Wdangling-pointer=]
>
> Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
> ---
>  src/openvpn/pkcs11_openssl.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
> index 60bc1c47..ecf37ba0 100644
> --- a/src/openvpn/pkcs11_openssl.c
> +++ b/src/openvpn/pkcs11_openssl.c
> @@ -169,6 +169,9 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
>      unsigned char buf[EVP_MAX_MD_SIZE];
>      size_t buflen;
>
> +    unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough for
> DigestInfo header */
> +    size_t enc_len = sizeof(enc);
> +
>      if (!strcmp(sigalg.op, "DigestSign"))
>      {
>          msg(D_XKEY, "xkey_pkcs11h_sign: computing digest");
> @@ -214,9 +217,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
>          {
>              /* CMA_RSA_PKCS needs pkcs1 encoded digest */
>
> -            unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough
> for DigestInfo header */
> -            size_t enc_len = sizeof(enc);
> -
>              if (!encode_pkcs1(enc, &enc_len, sigalg.mdname, tbs, tbslen))
>              {
>                  return 0;
>

I can't believe I wrote that nonsense in the first place. Fortunately
similar code in xkey_management_sign() is okay. Hard to catch in tests as
the pointer may still point to the right data after going out of scope
(dangling).

Acked-by: Selva Nair <selva.nair@gmail.com>

Selva
Gert Doering Jan. 10, 2023, 7:46 p.m. UTC | #2 
Haven't tested this beyond "does it compile on Github?" - it looks
correct, though :-)

Your patch has been applied to the master branch.

commit 202b34da386c8574692111bad23814602d0e09f5 (master)
commit 71f3a109f9f73f0d978f58e08caed896c064767f (release/2.6)
Author: Frank Lichtenheld
Date:   Tue Jan 10 14:19:47 2023 +0100

     xkey_pkcs11h_sign: fix dangling pointer

     Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
     Acked-by: Selva Nair <selva.nair@gmail.com>
     Message-Id: <20230110131947.59552-1-frank@lichtenheld.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25942.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
diff mbox series

Patch

diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index 60bc1c47..ecf37ba0 100644
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -169,6 +169,9 @@  xkey_pkcs11h_sign(void *handle, unsigned char *sig,
     unsigned char buf[EVP_MAX_MD_SIZE];
     size_t buflen;
 
+    unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough for DigestInfo header */
+    size_t enc_len = sizeof(enc);
+
     if (!strcmp(sigalg.op, "DigestSign"))
     {
         msg(D_XKEY, "xkey_pkcs11h_sign: computing digest");
@@ -214,9 +217,6 @@  xkey_pkcs11h_sign(void *handle, unsigned char *sig,
         {
             /* CMA_RSA_PKCS needs pkcs1 encoded digest */
 
-            unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough for DigestInfo header */
-            size_t enc_len = sizeof(enc);
-
             if (!encode_pkcs1(enc, &enc_len, sigalg.mdname, tbs, tbslen))
             {
                 return 0;