Diff

Differences From Artifact [cd6ed6e22a]:

To Artifact [2223838f44]:


  1435   1435   	CK_ATTRIBUTE curr_attr, *retval;
  1436   1436   	CK_VOID_PTR pValue;
  1437   1437   	CK_ULONG ulValueLen;
  1438   1438   	CK_OBJECT_CLASS ck_object_class;
  1439   1439   	CK_CERTIFICATE_TYPE ck_certificate_type;
  1440   1440   	CK_KEY_TYPE ck_key_type;
  1441   1441   	CK_UTF8CHAR ucTmpBuf[1024];
  1442         -	unsigned char certificate[16384];
         1442  +	unsigned char *certificate;
  1443   1443   	ssize_t certificate_len = -1, x509_read_ret;
  1444   1444   	int pValue_free;
  1445   1445   
  1446   1446   	CACKEY_DEBUG_PRINTF("Called (objectClass = %lu, identity_num = %lu).", (unsigned long) objectclass, identity_num);
  1447   1447   
  1448   1448   	if (objectclass != CKO_CERTIFICATE && objectclass != CKO_PUBLIC_KEY && objectclass != CKO_PRIVATE_KEY) {
  1449   1449   		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), invalid object class");
  1450   1450   
  1451   1451   		return(NULL);
  1452   1452   	}
  1453   1453   
  1454         -	retval_count = 16;
  1455         -	retval = malloc(retval_count * sizeof(*retval));
         1454  +	/* Get Cert */
         1455  +	if (identity == NULL) {
         1456  +		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), invalid identiy provided");
  1456   1457   
  1457         -	/* XXX: Get Cert */
  1458         -	certificate_len = -1;
         1458  +		return(NULL);
         1459  +	}
  1459   1460   
  1460         -	if (certificate_len == -1) {
         1461  +	certificate = identity->certificate;
         1462  +	certificate_len = identity->certificate_len;
         1463  +
         1464  +	if (certificate_len == -1 || certificate == NULL) {
  1461   1465   		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), this identity does not have an X.509 certificate associated with it and will not work");
  1462   1466   
  1463   1467   		return(NULL);
  1464   1468   	}
         1469  +
         1470  +	/* Verify that certificate is ASN.1 encoded X.509 certificate */
         1471  +	if (x509_to_serial(certificate, certificate_len, NULL) < 0) {
         1472  +		CACKEY_DEBUG_PRINTF("Returning 0 objects (NULL), the X.509 certificate associated with this identity is not valid");
         1473  +
         1474  +		return(NULL);
         1475  +	}
         1476  +
         1477  +	retval_count = 16;
         1478  +	retval = malloc(retval_count * sizeof(*retval));
  1465   1479   
  1466   1480   	for (curr_attr_type = 0; curr_attr_type < 0xce53635f; curr_attr_type++) {
  1467   1481   		if (curr_attr_type == 0x800) {
  1468   1482   			curr_attr_type = 0xce536300;
  1469   1483   		}
  1470   1484   
  1471   1485   		pValue_free = 0;
................................................................................
  2974   2988   			num_ids = (CKO_PRIVATE_KEY - CKO_CERTIFICATE + 1) * num_certs;
  2975   2989   
  2976   2990   			identities = malloc(num_ids * sizeof(*identities));
  2977   2991   
  2978   2992   			id_idx = 0;
  2979   2993   			for (cert_idx = 0; cert_idx < num_certs; cert_idx++) {
  2980   2994   				for (curr_id_type = CKO_CERTIFICATE; curr_id_type <= CKO_PRIVATE_KEY; curr_id_type++) {
  2981         -					identities[id_idx].attributes = cackey_get_attributes(curr_id_type, &pcsc_identities[cert_idx], -1, &identities[id_idx].attributes_count);
         2995  +					identities[id_idx].attributes = cackey_get_attributes(curr_id_type, &pcsc_identities[cert_idx], cert_idx, &identities[id_idx].attributes_count);
  2982   2996   
  2983   2997   					if (identities[id_idx].attributes == NULL) {
  2984   2998   						identities[id_idx].attributes_count = 0;
  2985   2999   					}
  2986   3000   
  2987   3001   					id_idx++;
  2988   3002   				}