RFR: 8330133: libj2pkcs11.so crashes on some pkcs#11 v3.0 libraries
Valerie Peng
valeriep at openjdk.org
Tue Apr 16 00:20:06 UTC 2024
It is reported that some PKCS#11 library/vendor reports major version 3, but doesn't implement the C_GetInterface function and the resulting 'interface' variable value may be NULL and cause unexpected crash later.
This PR would check the 'interface' variable value to be non-NULL.
Reproducing this would require certain 3rd party PKCS#11 library, and thus the noreg-hard label.
Thanks~
FYI, I will be on vacation starting 4/17 and will address the review comments upon return.
Valerie
-------------
Commit messages:
- 8330133: libj2pkcs11.so crashes on some pkcs#11 v3.0 libraries
Changes: https://git.openjdk.org/jdk/pull/18789/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=18789&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8330133
Stats: 7 lines in 2 files changed: 2 ins; 0 del; 5 mod
Patch: https://git.openjdk.org/jdk/pull/18789.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/18789/head:pull/18789
PR: https://git.openjdk.org/jdk/pull/18789
More information about the security-dev
mailing list