diff options
author | hyunsube.lee <hyunsube.lee@samsung.com> | 2023-05-04 18:13:21 +0900 |
---|---|---|
committer | hyunsube.lee <hyunsube.lee@samsung.com> | 2023-06-21 14:26:52 +0900 |
commit | 802dcac32f9ff0b2bace7cc731a1767ab1182638 (patch) | |
tree | 0607694331820c27d84749f7d6ad2a1505b1f920 /lib/isc | |
parent | d1e8304a9ebd688fff94064926f92fa4480a6987 (diff) | |
download | bind-tizen_6.0.tar.gz bind-tizen_6.0.tar.bz2 bind-tizen_6.0.zip |
[CVE-2020-8623] A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.csubmit/tizen_6.0/20230621.060633accepted/tizen/6.0/unified/20230626.074933tizen_6.0accepted/tizen_6.0_unified
Change-Id: Idb5f01dbc5d4f4827a2d420e5c4720f36e81540e
Diffstat (limited to 'lib/isc')
-rw-r--r-- | lib/isc/include/pk11/internal.h | 2 | ||||
-rw-r--r-- | lib/isc/pk11.c | 61 |
2 files changed, 40 insertions, 23 deletions
diff --git a/lib/isc/include/pk11/internal.h b/lib/isc/include/pk11/internal.h index aa8907ab..563bf91d 100644 --- a/lib/isc/include/pk11/internal.h +++ b/lib/isc/include/pk11/internal.h @@ -25,7 +25,7 @@ void pk11_mem_put(void *ptr, size_t size); CK_SLOT_ID pk11_get_best_token(pk11_optype_t optype); -unsigned int pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt); +isc_result_t pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt, unsigned int *bits); CK_ATTRIBUTE *pk11_attribute_first(const pk11_object_t *obj); diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c index 49861f2e..f95bcd75 100644 --- a/lib/isc/pk11.c +++ b/lib/isc/pk11.c @@ -636,13 +636,15 @@ pk11_get_best_token(pk11_optype_t optype) { return (token->slotid); } -unsigned int -pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt) { +isc_result_t +pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt, unsigned int *bits) { unsigned int bitcnt, i; CK_BYTE top; - if (bytecnt == 0) - return (0); + if (bytecnt == 0) { + *bits = 0; + return (ISC_R_SUCCESS); + } bitcnt = bytecnt * 8; for (i = 0; i < bytecnt; i++) { top = data[i]; @@ -650,26 +652,41 @@ pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt) { bitcnt -= 8; continue; } - if (top & 0x80) - return (bitcnt); - if (top & 0x40) - return (bitcnt - 1); - if (top & 0x20) - return (bitcnt - 2); - if (top & 0x10) - return (bitcnt - 3); - if (top & 0x08) - return (bitcnt - 4); - if (top & 0x04) - return (bitcnt - 5); - if (top & 0x02) - return (bitcnt - 6); - if (top & 0x01) - return (bitcnt - 7); + if (top & 0x80) { + *bits = bitcnt; + return (ISC_R_SUCCESS); + } + if (top & 0x40) { + *bits = bitcnt - 1; + return (ISC_R_SUCCESS); + } + if (top & 0x20) { + *bits = bitcnt - 2; + return (ISC_R_SUCCESS); + } + if (top & 0x10) { + *bits = bitcnt - 3; + return (ISC_R_SUCCESS); + } + if (top & 0x08) { + *bits = bitcnt - 4; + return (ISC_R_SUCCESS); + } + if (top & 0x04) { + *bits = bitcnt - 5; + return (ISC_R_SUCCESS); + } + if (top & 0x02) { + *bits = bitcnt - 6; + return (ISC_R_SUCCESS); + } + if (top & 0x01) { + *bits = bitcnt - 7; + return (ISC_R_SUCCESS); + } break; } - INSIST(0); - ISC_UNREACHABLE(); + return (ISC_R_RANGE); } CK_ATTRIBUTE * |