pkcs15-init segfaults with a very long --label #2398
Can you run this as: From message "Failed to create PKCS #15 meta structure: Wrong length" it is not clear where the test of a length is being done, or what is being tested. The log would help show where the message was being produced. The failure is while cleaning up and free(apps->label) is most likely a double free or uninitialized pointer.
Output of above, piped to file: pkcs15-init.log
@Jakuje This is from opensc-0.21.0-4.fc34.x86_64 @FeitianSmartcardReader Is there a limit on the size of the label for the ePass2003? Line starting at: 3613 where label is 45 bytes:
Line 3653 card returned 6700 which maps to
Line 3671:
passes back the error. The card is enforcing some limit to the size of the "dir" record. But the code continues on: Line 3672:
I would expect the code to have started a cleanup here.
And there is a FIXME comment that should be addressed. But I have been looking at the OpenSC source, 0.20.0 and 0.21.0. Your source says it is from opensc-0.21.0-4.fc34.x86_64 and has some additional changes. Can you try running the code in 0.22.0 https://github.com/OpenSC/OpenSC/releases or build from git.
I'm not able to make use of the OpenSC 0.22.0 release and up due to bug #2397 due to which
I think (de-)allocations will be tracked, if you run your command as
I think there is some problem with the ACLs, or caching of ACLs or files. 0.20.0 "sc_pkcs15init_authenticate: acl 0x561049d061c0" then goes on to do a verify using the user pin. "PIN('user PIN',type:0x10,reference:0x2)" 0.22.0 "sc_pkcs15init_authenticate: acl (nil)" then tries to write '4401' but ends with: 0.20.0 (Ubuntu-20.04) does:
But with 0.22.0 from github:
Hopefully someone can look at this closer. There are a few other minor things too. Will submit PR later in week or weekend.
pkcs15init/pkcs15-lib.c in sc_pkcs15init_add_app had: /* FIXME: what to do if sc_pkcs15init_update_dir failed? */ This fixes the problem. Fixes: OpenSC#2398 in that it will not segfault. On branch epass2003-init Changes to be committed: modified: ../pkcs15init/pkcs15-lib.c
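The failure mode discussed in this thread, an error from the dir update with no cleanup in the caller, shown as a simplified model. This is an added example, not OpenSC code and not part of any comment: every name in it is hypothetical, the 32-byte limit is constructed, and the double free it models is the hypothesis raised above, counted rather than actually performed.

```c
#include <stdio.h>
#include <string.h>

#define ERR_WRONG_LENGTH (-1)  /* stand-in for the error the card's 6700 maps to */
#define MAX_DIR_RECORD   32    /* constructed limit; the card's real limit is not given */
struct app  { char label[64]; int releases; };  /* releases > 1 models a double free */
struct card { struct app *apps[4]; int app_count; };

/* Links the app into the card's list, then attempts the write the card may reject. */
static int update_dir(struct card *c, struct app *a)
{
    c->apps[c->app_count++] = a;
    return strlen(a->label) > MAX_DIR_RECORD ? ERR_WRONG_LENGTH : 0;
}

/* Final cleanup: releases every app the card still references. */
static void card_free(struct card *c)
{
    while (c->app_count > 0)
        c->apps[--c->app_count]->releases++;
}

/* handled == 0: frees the app on error but leaves the card's reference in place.
 * handled == 1: unlinks the app from the card before freeing it. */
static int add_app(struct card *c, struct app *a, int handled)
{
    int r = update_dir(c, a);
    if (r < 0) {
        if (handled) c->apps[--c->app_count] = NULL;
        a->releases++;
    }
    return r;
}

/* Runs one add plus teardown; returns how many times the app was released. */
static int releases_after(int handled, const char *label)
{
    struct card c = {0};
    struct app a = {0};
    strncpy(a.label, label, sizeof a.label - 1);
    (void)add_app(&c, &a, handled);
    card_free(&c);
    return a.releases;
}

int main(void)
{
    const char *label = "a-constructed-label-longer-than-the-32-byte-limit";
    printf("unhandled: %d, handled: %d\n", releases_after(0, label), releases_after(1, label));
}
```

A release count of 2 in the unhandled case is the model's equivalent of the crash in cleanup; with the reference dropped on the error path, each object is released exactly once whether or not the write succeeds.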
To add a long label you can modify the epass2003.profile: line 45:
I leave it up to you to test any longer labels.
Actually in my testing I changed both the
Problem Description
I'm using opensc-0.21.0-4.fc34.x86_64 on Fedora 34. The following command segfaults:
Proposed Resolution
pkcs15-init should not segfault.
Steps to reproduce
Run the above commands.
Backtrace from the core