From fe9ef0d9f57a2e3f2902cf93d5f00aac3286dd99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Fri, 4 Jan 2019 20:28:35 +0100 Subject: [PATCH] Make sure null atributes are never used Add INSIST to pubattr fetching where null might occur in therory. Make sure null is never dereferenced. --- lib/dns/pkcs11ecdsa_link.c | 2 ++ lib/dns/pkcs11rsa_link.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/lib/dns/pkcs11ecdsa_link.c b/lib/dns/pkcs11ecdsa_link.c index 6bc5e25b18..1f23ac927e 100644 --- a/lib/dns/pkcs11ecdsa_link.c +++ b/lib/dns/pkcs11ecdsa_link.c @@ -837,6 +837,7 @@ pkcs11ecdsa_fetch(dst_key_t *key, const char *engine, const char *label, attr->type = CKA_EC_PARAMS; pubattr = pk11_attribute_bytype(pubec, CKA_EC_PARAMS); + INSIST(pubattr != NULL); attr->pValue = isc_mem_get(key->mctx, pubattr->ulValueLen); if (attr->pValue == NULL) DST_RET(ISC_R_NOMEMORY); @@ -846,6 +847,7 @@ pkcs11ecdsa_fetch(dst_key_t *key, const char *engine, const char *label, attr->type = CKA_EC_POINT; pubattr = pk11_attribute_bytype(pubec, CKA_EC_POINT); + INSIST(pubattr != NULL); attr->pValue = isc_mem_get(key->mctx, pubattr->ulValueLen); if (attr->pValue == NULL) DST_RET(ISC_R_NOMEMORY); diff --git a/lib/dns/pkcs11rsa_link.c b/lib/dns/pkcs11rsa_link.c index 25b3897448..0473acd72f 100644 --- a/lib/dns/pkcs11rsa_link.c +++ b/lib/dns/pkcs11rsa_link.c @@ -1673,6 +1673,7 @@ pkcs11rsa_fetch(dst_key_t *key, const char *engine, const char *label, attr->type = CKA_MODULUS; pubattr = pk11_attribute_bytype(pubrsa, CKA_MODULUS); + INSIST(pubattr != NULL); attr->pValue = isc_mem_get(key->mctx, pubattr->ulValueLen); if (attr->pValue == NULL) DST_RET(ISC_R_NOMEMORY); @@ -1682,6 +1683,7 @@ pkcs11rsa_fetch(dst_key_t *key, const char *engine, const char *label, attr->type = CKA_PUBLIC_EXPONENT; pubattr = pk11_attribute_bytype(pubrsa, CKA_PUBLIC_EXPONENT); + INSIST(pubattr != NULL); attr->pValue = isc_mem_get(key->mctx, pubattr->ulValueLen); if (attr->pValue == NULL) DST_RET(ISC_R_NOMEMORY);