[strongSwan-dev] #bug pkcs11 plugin: unused result, dead code
Leander Schröder
2018-03-27 22:07:27 UTC
Hi

I'm fairly certain I've found a bug in the pkcs11 plugin of libstrongswan
and have created a fix and pull request for it:
https://github.com/strongswan/strongswan/pull/96 .
The issue is that it's not checked whether the second call to
C_GetMechanismList is successful.
The code inside the if on line 904 (see [1]) will never be executed since
rv must be equal to CKR_OK (since it hasn't changed since line 894 (see
[2]) and the other path returns).

Please let me know what you think!

Best regards,
Leander

[1]: https://github.com/strongswan/strongswan/pull/96/files#diff-577eda617d31f6956747f215423b7941L904 (rv != CKR_OK is always false)
[2]: https://github.com/strongswan/strongswan/pull/96/files#diff-577eda617d31f6956747f215423b7941L894 (first assignment)
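
The pattern described in the report above, as an added example that is not part of the original post and is not strongSwan's code: a two-call C_GetMechanismList sequence with the second result discarded, next to the checked form. The types are stand-ins for the PKCS#11 header, and stub_GetMechanismList, fail_fill, list_unchecked and list_checked are hypothetical names constructed for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
/* Stand-in PKCS#11 types so the example builds without a vendor header. */
typedef unsigned long CK_RV, CK_ULONG, CK_SLOT_ID, CK_MECHANISM_TYPE;
#define CKR_OK           0x00UL
#define CKR_HOST_MEMORY  0x02UL
#define CKR_DEVICE_ERROR 0x30UL

static int fail_fill; /* constructed fault switch: make the second call fail */

/* Hypothetical token stub: list == NULL reports the count, otherwise fills. */
static CK_RV stub_GetMechanismList(CK_SLOT_ID slot, CK_MECHANISM_TYPE *list,
                                   CK_ULONG *count)
{
    (void)slot;
    if (!list) { *count = 2; return CKR_OK; }
    if (fail_fill) return CKR_DEVICE_ERROR;
    list[0] = 0x01UL; list[1] = 0x40UL; /* CKM_RSA_PKCS, CKM_SHA256_RSA_PKCS */
    return CKR_OK;
}

/* Pattern from the report: rv is set by the first call only. */
static CK_RV list_unchecked(CK_MECHANISM_TYPE **out, CK_ULONG *count)
{
    CK_RV rv = stub_GetMechanismList(0, NULL, count);
    if (rv != CKR_OK) return rv;
    if (!(*out = calloc(*count, sizeof(**out)))) return CKR_HOST_MEMORY;
    stub_GetMechanismList(0, *out, count);   /* result discarded */
    if (rv != CKR_OK) { free(*out); *out = NULL; return rv; } /* never taken */
    return CKR_OK;
}

/* Checked form: the second result is assigned and acted on. */
static CK_RV list_checked(CK_MECHANISM_TYPE **out, CK_ULONG *count)
{
    CK_RV rv = stub_GetMechanismList(0, NULL, count);
    if (rv != CKR_OK) return rv;
    if (!(*out = calloc(*count, sizeof(**out)))) return CKR_HOST_MEMORY;
    rv = stub_GetMechanismList(0, *out, count);
    if (rv != CKR_OK) { free(*out); *out = NULL; }
    return rv;
}

int main(void)
{
    CK_MECHANISM_TYPE *m = NULL; CK_ULONG n = 0;
    fail_fill = 1;
    printf("unchecked rv=0x%lx\n", list_unchecked(&m, &n)); free(m); m = NULL;
    printf("checked   rv=0x%lx\n", list_checked(&m, &n)); free(m);
    return 0;
}
```

With the fill call failing, the unchecked form reports CKR_OK and hands the caller a zeroed list, while the checked form returns the token's error and no buffer.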
