Re: [Opensc-devel] suggested small fix

[Douglas E E. <dee...@gm...>]

Why does the x509cert_info  have fixed length arrays? Why not pointers?
Its using OpenSSL routines that can handle this...

Why not:

struct x509cert_info {
         unsigned char   * subject;
         int             subject_len;
         unsigned char   * issuer;
         int             issuer_len;
         unsigned char   * serialnum;
         int             serialnum_len;
};

The patch to do this would be larger,  but would remove the length restrictions.



On 4/10/2014 9:46 AM, Ludovic Rousseau wrote:
> 2014-04-10 15:03 GMT+02:00 Umberto Rustichelli aka Ubi <op...@se...>:
>> On 04/10/2014 02:57 PM, Umberto Rustichelli aka Ubi wrote:
>>> IMHO in opensc source, file src/tools/pkcs11-tool.c, function
>>>
>>> parse_certificate(struct x509cert_info *cert,
>>>                  unsigned char *data, int len)
>>>
>>> behaviour can potentially corrupt memory or lead to a segmentation fault.
>>>
>> Well, to be precise if it corrupts memory, there are two possibilities:
>> the issue is trapped and the program exists with an error or there is a
>> segmentation fault.
>> No way the code will proceed with a corruption in memory without
>> stopping, which is of course a good thing.
>>
>> Comments? Do I miss somenting?
> Memory corruption can have very bad effects.
>
> I opened a pull request at https://github.com/OpenSC/OpenSC/pull/231
> Thanks
>

-- 

  Douglas E. Engert  <DEE...@gm...>