diff options
author | Jeff Walden <jwalden@mit.edu> | 2020-06-05 21:33:12 +0000 |
---|---|---|
committer | Jeff Walden <jwalden@mit.edu> | 2020-06-05 21:33:12 +0000 |
commit | 7ee3a804dc3c1b5e875434d1c37264b7e7fdcd20 (patch) | |
tree | 8bcef1c715b0c32dc8f9aff6bd3577f31c5af2ae /lib/pk11wrap | |
parent | b0ecce5214e7509fa2282b07f848533caba88d65 (diff) | |
download | nss-hg-7ee3a804dc3c1b5e875434d1c37264b7e7fdcd20.tar.gz |
Bug 1643557 - Make PK11_SetWrapKey explicitly handle being passed a negative wrap argument, to avoid a signed-unsigned comparison. r=kjacobs
Depends on D78453
Differential Revision: https://phabricator.services.mozilla.com/D78454
Diffstat (limited to 'lib/pk11wrap')
-rw-r--r-- | lib/pk11wrap/pk11skey.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/lib/pk11wrap/pk11skey.c b/lib/pk11wrap/pk11skey.c index ee17b60bd..7d15b6159 100644 --- a/lib/pk11wrap/pk11skey.c +++ b/lib/pk11wrap/pk11skey.c @@ -6,6 +6,8 @@ * Interfaces. */ +#include <stddef.h> + #include "seccomon.h" #include "secmod.h" #include "nssilock.h" @@ -401,15 +403,19 @@ void PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey) { PK11_EnterSlotMonitor(slot); - if (wrap < PR_ARRAY_SIZE(slot->refKeys) && - slot->refKeys[wrap] == CK_INVALID_HANDLE) { - /* save the handle and mechanism for the wrapping key */ - /* mark the key and session as not owned by us so they don't get freed - * when the key goes way... that lets us reuse the key later */ - slot->refKeys[wrap] = wrapKey->objectID; - wrapKey->owner = PR_FALSE; - wrapKey->sessionOwner = PR_FALSE; - slot->wrapMechanism = wrapKey->type; + if (wrap >= 0) { + size_t uwrap = (size_t)wrap; + if (uwrap < PR_ARRAY_SIZE(slot->refKeys) && + slot->refKeys[uwrap] == CK_INVALID_HANDLE) { + /* save the handle and mechanism for the wrapping key */ + /* mark the key and session as not owned by us so they don't get + * freed when the key goes way... that lets us reuse the key + * later */ + slot->refKeys[uwrap] = wrapKey->objectID; + wrapKey->owner = PR_FALSE; + wrapKey->sessionOwner = PR_FALSE; + slot->wrapMechanism = wrapKey->type; + } } PK11_ExitSlotMonitor(slot); } |