From 36da777c5a492434d100754cc388b246c42e60a8 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Wed, 15 Nov 2023 06:21:22 +0900
Subject: [PATCH] rpc: Fix serialization of NULL mechanism pointer
A NULL mechanism pointer is valid for C_*Init functions to cancel the operation. Since 852ccd8d we encoded it with a CK_MECHANISM_TYPE 0 as an indicator, though it clashes with CKM_RSA_PKCS_KEY_PAIR_GEN (0). This patch changes the encoding to use a special value (0xffffffff) to indicate that and also properly advance the offset when reading.
Signed-off-by: Daiki Ueno
---
 p11-kit/rpc-client.c | 7 +++++--
 p11-kit/rpc-server.c | 7 ++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c
index 93e8c7add..0a9208ba7 100644
--- a/p11-kit/rpc-client.c
+++ b/p11-kit/rpc-client.c
@@ -430,9 +430,12 @@ proto_write_mechanism (p11_rpc_message *msg,
 /* Make sure this is in the right order */
 assert (!msg->signature || p11_rpc_message_verify_part (msg, "M"));
- /* This case is valid for C_*Init () functions to cancel operation */
+ /*
+ * The NULL mech is used for C_*Init () functions to cancel operation.
+ * We use 0xffffffff as a marker to indicate that.
+ */
 if (mech == NULL) {
- p11_rpc_buffer_add_uint32 (msg->output, 0);
+ p11_rpc_buffer_add_uint32 (msg->output, 0xffffffff);
 return p11_buffer_failed (msg->output) ? CKR_HOST_MEMORY : CKR_OK;
 }
diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
index 87bd57441..bdaded117 100644
--- a/p11-kit/rpc-server.c
+++ b/p11-kit/rpc-server.c
@@ -480,8 +480,13 @@ proto_read_mechanism (p11_rpc_message *msg,
 return PARSE_ERROR;
 }
- if (temp.mechanism == 0) {
+ /*
+ * The NULL mech is used for C_*Init () functions to cancel operation.
+ * We use 0xffffffff as a marker to indicate that.
+ */
+ if (temp.mechanism == 0xffffffff) {
 *mech = NULL;
+ msg->parsed = offset;
 return CKR_OK;
 }
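Review bot: The marker 0xffffffff written in the `mech == NULL` branch of proto_write_mechanism lies inside the PKCS #11 vendor-defined mechanism range (CKM_VENDOR_DEFINED, 0x80000000, and above), so a non-NULL mechanism carrying that type would look like a cancel request on the wire. The non-NULL path is outside this hunk; if it does not already refuse that value, a guard such as `if (mech->mechanism == 0xffffffff) return CKR_MECHANISM_INVALID;` before serializing would keep the marker unambiguous. The same literal is repeated in the rpc-server.c hunk, so a single named definition in a header both files include would keep the two sides from drifting apart.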
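Review bot: A peer built before this change still sends 0 for a NULL mechanism, and the rewritten test in proto_read_mechanism will now take that as CKM_RSA_PKCS_KEY_PAIR_GEN and continue into the parameter parsing below the hunk instead of cancelling the operation. Nothing visible in this patch bumps or negotiates a protocol version, so mixed old and new client/server pairs would disagree on what a cancel looks like. If that is handled elsewhere, the comment should say so, for example `/* Wire value 0 is a real mechanism; peers predating this marker sent it for NULL. */`. A regression test that round-trips a NULL mechanism followed by another argument, and mechanism 0 on its own, would pin both the marker and the `msg->parsed = offset;` fix. The function begins and ends outside the hunk.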