RFR [8043720] (smartcardio) Native memory should be handled more accurately
Ivan Gerasimov
ivan.gerasimov at oracle.com
Tue May 27 19:30:47 UTC 2014
Hello!
Here is a proposal to make some native memory manipulations in
src/share/native/sun/security/smartcardio/pcsc.c more accurate.
1)
Add another argument to pcsc_multi2jstring() which will hold the size of
the character array to be parsed.
In the function we make sure we do not access memory outside the array.
2)
In pcsc_multi2jstring():
There is a constant PCSCLITE_MAX_READERS_CONTEXTS == 16, which limits
number of cardreaders in the system.
So we don't need to allocate the buffer with malloc.
3)
In Java_sun_security_smartcardio_PCSC_SCardListReaders():
The 'size' variable is initialized in the pcsc-lite API call to
SCardListReaders.
Even though it should not be zero, if SCardListReaders returned
SUCCESS, it's still a call of foreign function.
Thus we better handle the case when size == 0.
4)
Currently Java_sun_security_smartcardio_PCSC_SCardGetStatusChange is
always called with non-empty jReaderNames argument.
However, it seems easy to make it more robust with a couple of checks
for the empty array of names.
5)
In Java_sun_security_smartcardio_PCSC_SCardGetStatusChange, readers'
names are allocated with strdup() and later freed with free().
If the program gets to cleanup upon an error, some of the names may turn
out be be never initialized, so free() can fail.
Would you please help review the fix?
BUGURL: https://bugs.openjdk.java.net/browse/JDK-8043720
WEBREV: http://cr.openjdk.java.net/~igerasim/8043720/0/webrev/
Sincerely yours,
Ivan
More information about the security-dev
mailing list