From 8ac0152651725cfa3dd887f9f73e6ff9671ce2dd Mon Sep 17 00:00:00 2001 From: Bill Parker Date: Tue, 10 Jul 2018 12:34:00 +1000 Subject: [PATCH 1/2] check param_template[i].pValue is non NULL --- bin/pkcs11/pkcs11-keygen.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/bin/pkcs11/pkcs11-keygen.c b/bin/pkcs11/pkcs11-keygen.c index fe314ab409..9631c0ebf2 100644 --- a/bin/pkcs11/pkcs11-keygen.c +++ b/bin/pkcs11/pkcs11-keygen.c @@ -657,8 +657,18 @@ main(int argc, char *argv[]) { } /* Allocate space for parameter attributes */ - for (i = 0; i < param_attrcnt; i++) + for (i = 0; i < param_attrcnt; i++) { + param_template[i].pValue = NULL; + } + + for (i = 0; i < param_attrcnt; i++) { param_template[i].pValue = malloc(param_template[i].ulValueLen); + if (param_template[i].pValue == NULL) { + fprintf(stderr, "malloc failed\n"); + error = 1; + goto exit_params; + } + } rv = pkcs_C_GetAttributeValue(hSession, domainparams, dsa_param_template, DSA_PARAM_ATTRS); @@ -713,9 +723,13 @@ main(int argc, char *argv[]) { exit_params: /* Free parameter attributes */ - if (keyclass == key_dsa || keyclass == key_dh) - for (i = 0; i < param_attrcnt; i++) - free(param_template[i].pValue); + if (keyclass == key_dsa || keyclass == key_dh) { + for (i = 0; i < param_attrcnt; i++) { + if (param_template[i].pValue != NULL) { + free(param_template[i].pValue); + } + } + } exit_domain: /* Destroy domain parameters */ From 5a879071d01a4177c3fbbc4c839ae597a532e331 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 10 Jul 2018 14:24:43 -0700 Subject: [PATCH 2/2] CHANGES --- CHANGES | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES b/CHANGES index 05171d4be7..3d7e6cca2c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4990. [bug] Prevent a possible NULL reference in pkcs11-keygen. + [GL #401] + 4989. [cleanup] IDN support in dig has been reworked. IDNA2003 fallbacks were removed in the process. [GL #384]