OpenSC
Avoid sementation fault in __pkcs11h_crypto_mbedtls_certificate_is_issuer
I'm using pkcs11-helper v2.28.0 and mbedtls 3.6.0. There I'm observing a segmentation fault occurring in __pkcs11h_crypto_mbedtls_certificate_is_issuer. This segmentation fault comes from mbedtls (see https://github.com/Mbed-TLS/mbedtls/issues/9570), however it could prevented in pkcs11-helper as well/additional.
Instead of using the memset shortly before calling mbedtls_x509_crt_parse, the segmentation fault does not happened if defining x509_issuer and x509_cert at the beginning of the function.
Possible fix in pkcs11-helper:
static
int
__pkcs11h_crypto_mbedtls_certificate_is_issuer (
IN void * const global_data,
IN const unsigned char * const issuer_blob,
IN const size_t issuer_blob_size,
IN const unsigned char * const cert_blob,
IN const size_t cert_blob_size
) {
mbedtls_x509_crt x509_issuer;
mbedtls_x509_crt x509_cert;
memset(&x509_issuer, 0, sizeof(x509_issuer));
memset(&x509_cert, 0, sizeof(x509_cert));
uint32_t verify_flags = 0;
PKCS11H_BOOL is_issuer = FALSE;
(void)global_data;
/*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
_PKCS11H_ASSERT (issuer_blob!=NULL);
_PKCS11H_ASSERT (cert_blob!=NULL);
if (0 != mbedtls_x509_crt_parse (&x509_issuer, issuer_blob, issuer_blob_size)) {
goto cleanup;
}
if (0 != mbedtls_x509_crt_parse (&x509_cert, cert_blob, cert_blob_size)) {
goto cleanup;
}
if ( 0 == mbedtls_x509_crt_verify(&x509_cert, &x509_issuer, NULL, NULL,
&verify_flags, NULL, NULL )) {
is_issuer = TRUE;
}
cleanup:
mbedtls_x509_crt_free(&x509_cert);
mbedtls_x509_crt_free(&x509_issuer);
return is_issuer;
}
Regarding of the response in the MBedTLS issue, mbedtls_x509_crt_init needs to be called before using x509_issuer and x509_cert. So this needs to be adjusted in __pkcs11h_crypto_mbedtls_certificate_is_issuer
Hi @ko-maren, Somehow I missed this notification. Can you please test #70 ? Thanks, Alon
@alonbl I also missed the notification. I will check it, and let you know. Thanks