Memory corruption with firefox (reopen the bug #232)

[vletoux]

Hi,

I was able to reproduce the problem outlined in the bug #232
I'm running Firefox 36.0.4 on Windows 7 x64 with OpenSC 0.14.0 with a card for which I'm beginning to write a driver.
Insert the card triggers a crash few seconds after the insertion.
Tested with the binary version available on the website.

After an analysis, the crash occured when calling sc_pkcs11_get_mechanism_list from C_GetMechanismList as outline in the following capture

Because slot->card is null, the application crashes in the line:
for (n = 0; n < p11card->nmechanisms; n++) { of the function sc_pkcs11_get_mechanism_list

I saw your comment about a probable defect in the NSS interface, but it should be possible to introduce a defense programming check and return an error if there is no card.

for example:
if (slot->card == NULL)
return CKR_TOKEN_NOT_PRESENT;

The bug is still present in the source code

regards,

Vincent LE TOUX

http://www.mysmartlogon.com

[frankmorgner]

Unfortunately the pkcs11 module is really missing some parameter checks...

Could you check if #410 fixes your problem?