Integrated: 8330133: libj2pkcs11.so crashes on some pkcs#11 v3.0 libraries
Valerie Peng
valeriep at openjdk.org
Tue Apr 16 22:50:01 UTC 2024
On Tue, 16 Apr 2024 00:15:34 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> It is reported that some PKCS#11 library/vendor reports major version 3, but doesn't implement the C_GetInterface function and the resulting 'interface' variable value may be NULL and cause unexpected crash later.
>
> This PR would check the 'interface' variable value to be non-NULL.
> Reproducing this would require certain 3rd party PKCS#11 library, and thus the noreg-hard label.
>
> Thanks~
> FYI, I will be on vacation starting 4/17 and will address the review comments upon return.
> Valerie
This pull request has now been integrated.
Changeset: d1c6cd10
Author: Valerie Peng <valeriep at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/d1c6cd104ec117b88c45aafcb342164be4483f94
Stats: 10 lines in 2 files changed: 2 ins; 3 del; 5 mod
8330133: libj2pkcs11.so crashes on some pkcs#11 v3.0 libraries
Reviewed-by: djelinski, weijun
-------------
PR: https://git.openjdk.org/jdk/pull/18789
More information about the security-dev
mailing list