You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was able to reproduce the problem outlined in the bug #232
I'm running Firefox 36.0.4 on Windows 7 x64 with OpenSC 0.14.0 with a card for which I'm beginning to write a driver.
Insert the card triggers a crash few seconds after the insertion.
Tested with the binary version available on the website.
After an analysis, the crash occured when calling sc_pkcs11_get_mechanism_list from C_GetMechanismList as outline in the following capture
Because slot->card is null, the application crashes in the line:
for (n = 0; n < p11card->nmechanisms; n++) { of the function sc_pkcs11_get_mechanism_list
I saw your comment about a probable defect in the NSS interface, but it should be possible to introduce a defense programming check and return an error if there is no card.
for example:
if (slot->card == NULL)
return CKR_TOKEN_NOT_PRESENT;
Hi,
I was able to reproduce the problem outlined in the bug #232
I'm running Firefox 36.0.4 on Windows 7 x64 with OpenSC 0.14.0 with a card for which I'm beginning to write a driver.
Insert the card triggers a crash few seconds after the insertion.
Tested with the binary version available on the website.
After an analysis, the crash occured when calling sc_pkcs11_get_mechanism_list from C_GetMechanismList as outline in the following capture
![bug](https://cloud.githubusercontent.com/assets/10632326/6872756/77c040e4-d4ab-11e4-8dc5-f7307e244dab.png)
Because slot->card is null, the application crashes in the line:
![sans titre](https://cloud.githubusercontent.com/assets/10632326/6872879/7f0546b4-d4ac-11e4-9628-a67a310dc2ec.png)
for (n = 0; n < p11card->nmechanisms; n++) { of the function sc_pkcs11_get_mechanism_list
I saw your comment about a probable defect in the NSS interface, but it should be possible to introduce a defense programming check and return an error if there is no card.
for example:
if (slot->card == NULL)
return CKR_TOKEN_NOT_PRESENT;
The bug is still present in the source code
regards,
Vincent LE TOUX
http://www.mysmartlogon.com
The text was updated successfully, but these errors were encountered: