author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-30 09:11:40 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-30 10:56:26 +0200 |
commit | 0ef47031faa87befe3cc1d087c96fa9b2893a853 (patch) | |
tree | da38797818842da78a5a5bcd50e619b14b7c555a | |
parent | 19e0f41bc573b7b509e69dd63d6a4832d99c10b3 (diff) | |
download | gnutls-0ef47031faa87befe3cc1d087c96fa9b2893a853.tar.gz |
pkcs11_get_attribute_avalue: correctly handle a -1 value length from C_GetAttributeValue
That is, work around modules which do not return an error on sensitive
objects.
Relates #108
-rw-r--r-- | lib/pkcs11_int.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/pkcs11_int.c b/lib/pkcs11_int.c index de3d4e5cdc..6ac4929a65 100644 --- a/lib/pkcs11_int.c +++ b/lib/pkcs11_int.c @@ -127,6 +127,12 @@ pkcs11_get_attribute_avalue(struct ck_function_list * module, templ.value_len = 0; rv = (module)->C_GetAttributeValue(sess, object, &templ, 1); if (rv == CKR_OK) { + /* PKCS#11 v2.20 requires sensitive values to set a length + * of -1. In that case an error should have been returned, + * but some implementations return CKR_OK instead. */ + if (templ.value_len == (unsigned long)-1) + return CKR_ATTRIBUTE_SENSITIVE; + if (templ.value_len == 0) return rv; |
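Review bot: the added `if (templ.value_len == (unsigned long)-1)` branch reports every -1 length as CKR_ATTRIBUTE_SENSITIVE, but PKCS#11 v2.20 has C_GetAttributeValue set the length to -1 in more than one case: a sensitive or unextractable attribute, and also an attribute type that is invalid for the object. A module that wrongly returns CKR_OK could do so in either case, so callers that branch on the return code may treat a missing attribute as a sensitive one. The comment mentions only sensitive values; it should say that the mapping to CKR_ATTRIBUTE_SENSITIVE is a chosen default for all -1 lengths. For readability, compare against CK_UNAVAILABLE_INFORMATION instead of the bare cast if the pkcs11.h in use defines it.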