valgrind --track-origins=true says:
==13529== Conditional jump or move depends on uninitialised value(s)
==13529== at 0x4AF92D1: PK11_MakeString (pk11slot.c:1073)
==13529== by 0x4AFA5AA: PK11_InitSlot (pk11slot.c:1456)
==13529== by 0x4AE315E: secmod_LoadPKCS11Module (pk11load.c:563)
==13529== by 0x4AEF68C: SECMOD_LoadModule (pk11pars.c:1838)
==13529== by 0x4AEF7C7: SECMOD_LoadModule (pk11pars.c:1874)
==13529== by 0x4ABCB6A: nss_InitModules (nssinit.c:464)
==13529== by 0x4ABCB6A: nss_Init (nssinit.c:689)
==13529== by 0x4ABD17C: NSS_Init (nssinit.c:824)
==13529== by 0x4059C0: main (pesign.c:354)
==13529== Uninitialised value was created by a stack allocation
==13529== at 0x484D175: C_Initialize (in /usr/lib64/libykcs11.so.1.5.0)
This is the result of a combination of two problems. In
ykcs11/utils.c:parse_readers(), the code does:
    for (i = 0; i < len; i++)
        if (readers[i] == '\0' && i != len - 1) {
But in ykcs11/ykcs11.c:C_Initialize(), the parts of readers[] that are
initialized are only the parts that have been populated; the rest of
the array is still just whatever value is on the stack. Additionally,
in lib/ykpiv.c:ykpiv_list_readers(), which populates the array, the
length is updated only in the case where the buffer is smaller than the
data, not when there is additional buffer but no data:
    if (num_readers > *len) {
        num_readers = (pcsc_word)*len;
    }
The result is that if the amount of reader data is smaller than 2048
bytes, PK11_InitSlot() will try to find reader data in the rest of the
array, which has not been initialized.
This patch adds an initialization for the data to set it all '\0', and
also updates the length when there is excess buffer available.
Signed-off-by: Peter Jones <pjones@redhat.com>
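The interaction of the two defects described in the commit message, modelled as an added example that is not yubico-piv-tool code. The names list_readers(), the parse_readers() scanning loop and the 2048-byte buffer are taken from the text above; the reader names, the "stale stack" fill pattern, the update_len flag and the c_initialize_readers() wrapper are constructed here so the behaviour is deterministic and can be run offline.

```c
/* Added example, not yubico-piv-tool code. Models C_Initialize() listing
 * readers into a 2048-byte stack buffer and parse_readers() scanning it,
 * with and without the two fixes from the commit message. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define READERS_BUF 2048   /* buffer size named in the commit message */

/* Constructed PC/SC-style multi-string: two NUL-terminated reader names
 * followed by the list-terminating NUL (supplied by the literal itself). */
static const char SAMPLE_READERS[] =
    "Yubico YubiKey OTP+FIDO+CCID 00 00\0"
    "Constructed Reader 01 00\0";
#define SAMPLE_READERS_LEN sizeof(SAMPLE_READERS)   /* 61 bytes */

/* Stand-in for lib/ykpiv.c:ykpiv_list_readers(). As in the text, num_readers
 * is clamped to *len, but the original only reported a new length in that
 * buffer-too-small case. update_len (hypothetical flag) applies the second
 * half of the fix: always tell the caller how many bytes hold real data. */
static int list_readers(char *readers, size_t *len, int update_len) {
    size_t num_readers = SAMPLE_READERS_LEN;
    if (num_readers > *len) {
        num_readers = *len;
    }
    memcpy(readers, SAMPLE_READERS, num_readers);
    if (update_len) {
        *len = num_readers;
    }
    return 0;
}

/* The scanning loop from ykcs11/utils.c:parse_readers(): every NUL that is
 * not the last byte of the region is taken as the end of one reader name,
 * so every byte up to len is read, initialised or not. */
static size_t count_readers(const char *readers, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (readers[i] == '\0' && i != len - 1) {
            n++;
        }
    }
    return n;
}

/* Models C_Initialize(): stack buffer, list, parse.
 *   zero_init  - memset the buffer to '\0' first (first half of the fix)
 *   update_len - list_readers() reports the real length (second half)
 * Returns the number of readers parse_readers() would believe it found. */
static size_t c_initialize_readers(int zero_init, int update_len) {
    char readers[READERS_BUF];
    size_t len = sizeof(readers);

    /* Constructed stand-in for stale stack contents. valgrind reported the
     * uninitialised bytes as "created by a stack allocation"; a real run
     * sees whatever earlier frames left behind, which may include NULs. */
    for (size_t i = 0; i < sizeof(readers); i++) {
        readers[i] = (i % 9 == 0) ? '\0' : 'x';
    }
    if (zero_init) {
        memset(readers, 0, sizeof(readers));
    }
    list_readers(readers, &len, update_len);
    return count_readers(readers, len);
}

int main(void) {
    printf("stale buffer, len not updated: %zu readers\n", c_initialize_readers(0, 0));
    printf("zero-init only:                %zu readers\n", c_initialize_readers(1, 0));
    printf("len updated only:              %zu readers\n", c_initialize_readers(0, 1));
    printf("both fixes:                    %zu readers\n", c_initialize_readers(1, 1));
    return 0;
}
```

Only two names are in the data, so anything other than 2 is the parser walking past the real reader list. Zero-initialising alone is not enough here: the loop then counts every trailing '\0' as an empty reader name, which is why the commit also makes the length reflect the data actually written. The length fix on its own bounds the scan correctly in this model; the memset is the belt-and-braces part that keeps the rest of the array deterministic for any other reader of the buffer.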
* Port ykpiv_auth_getchallenge and ykpiv_auth_verifyresponse
- Commit 8fde607b50b19c57a662c53c6b276b54a78606d8
- Commit 6046b98e477cfef59a590ce2177336d694813e7e
- Commit 422cea11745dc67d15039e242ed21ecb5208ae55
- Commit 1d31647e5a27bd2df6bda76512c7d673980f0bec
* Rename connect2() and done2() to connect_with_external_card(), etc.
* Select applet in ykpiv_change_pin, change_puk, and unblock_pin
* Support unit tests on Yubikey NEO
* Test ykpiv_get_version
* Test ykpiv_import_private_key
* Test ykpiv_sign_data
* Test ykpiv_decipher_data
* Test ykpiv_change_pin
* Test ykpiv_change_puk
* Test ykpiv_get_pin_retries
* Test ykpiv_set_pin_retries
* Test ykpiv_verify
* Fix segfault when |tries| is NULL
* Fix segfault when import_private_key algorithm is wrong