rpc: remove length assert in proto_read_attribute_buffer_array

p11-glue / p11-kit

Provides a way to load and enumerate PKCS#11 modules.

https://p11-glue.github.io/p11-glue/p11-kit.html

Other

149 stars 91 forks source link

rpc: remove length assert in proto_read_attribute_buffer_array #631

Closed ZoltanFridrich closed 5 months ago

ZoltanFridrich commented 5 months ago

Return an error when parsed_array_size < actual_array_size rather then crashing with assert in proto_read_attribute_buffer_array.

coveralls commented 5 months ago

coverage: 69.53% (-0.001%) from 69.531% when pulling 88d13e828b8ce10cdc4ccf18d9095d4e5ee5c318 on ZoltanFridrich:zfridric_devel into f53bdc2c941aae47d592b0376de9a4bc442ec3d2 on p11-glue:master.

ZoltanFridrich commented 5 months ago

Should we try to avoid integer overflow (wrap around this case) at multiplication? Maybe adding a check like ULONG_MAX / length < sizeof (CK_ATTRIBUTE) might help.

I think you meant ULONG_MAX / n_array < sizeof (CK_ATTRIBUTE). Thats a good idea. Fixed.