I'm using pkcs11-helper v2.28.0 and mbedtls 3.6.0. There I'm observing a segmentation fault occurring in __pkcs11h_crypto_mbedtls_certificate_is_issuer. This segmentation fault comes from mbedtls (see https://github.com/Mbed-TLS/mbedtls/issues/9570), however it could prevented in pkcs11-helper as well/additional.
Instead of using the memset shortly before calling mbedtls_x509_crt_parse, the segmentation fault does not happened if defining x509_issuer and x509_cert at the beginning of the function.
Regarding of the response in the MBedTLS issue, mbedtls_x509_crt_init needs to be called before using x509_issuer and x509_cert. So this needs to be adjusted in __pkcs11h_crypto_mbedtls_certificate_is_issuer
I'm using pkcs11-helper v2.28.0 and mbedtls 3.6.0. There I'm observing a segmentation fault occurring in
__pkcs11h_crypto_mbedtls_certificate_is_issuer
. This segmentation fault comes from mbedtls (see https://github.com/Mbed-TLS/mbedtls/issues/9570), however it could prevented in pkcs11-helper as well/additional.Instead of using the memset shortly before calling
mbedtls_x509_crt_parse
, the segmentation fault does not happened if definingx509_issuer
andx509_cert
at the beginning of the function.Possible fix in pkcs11-helper: