- Bug
- Resolution: Fixed
- P3
- 21, 22, 23
- b28
- b19
- generic
- generic
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8331300 | 21.0.5-oracle | Prajwal Kumaraswamy | P3 | Resolved | Fixed | b01 |
JDK-8334605 | 21.0.5 | Martin Doerr | P3 | Resolved | Fixed | b01 |
ADDITIONAL SYSTEM INFORMATION :
Docker / Centos 8 / JDK 18-22
A DESCRIPTION OF THE PROBLEM :
Lines 230-234 of p11_md.c dereference a NULL pointer if the loaded PKCS#11 library reports major version 3 but doesn't implement the C_GetInterface function.
Current implementation in JDK 18-22:
    if (((CK_VERSION *)moduleData->ckFunctionListPtr)->major == 3) {
        moduleData->ckFunctionList30Ptr = interface->pFunctionList;
    } else {
        moduleData->ckFunctionList30Ptr = NULL;
    }
Possible fix:
    if (((CK_VERSION *)moduleData->ckFunctionListPtr)->major == 3 && interface != NULL) {
        moduleData->ckFunctionList30Ptr = interface->pFunctionList;
    } else {
        moduleData->ckFunctionList30Ptr = NULL;
    }
REGRESSION : Last worked in version 17.0.10
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Load a pkcs11 native library that reports v3.0 but doesn't implement C_GetInterface()
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The program loads the library without crashing.
ACTUAL -
The Java program crashes in libj2pkcs11 because p11_md.c dereferences a null pointer.
---------- BEGIN SOURCE ----------
package com.example;

import java.security.Security;

class Main {
    public static void main(String[] args) {
        Security.getProvider("SunPKCS11").configure("pkcs11.cfg");
    }
}
/* pkcs11.cfg contains something like
name=PKCS11
library=/opt/pkcs11/lib64/libpkcs11.so
slot=1
*/
---------- END SOURCE ----------
FREQUENCY : always
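The following is an added example, not code from the report or from the JDK: a self-contained C model of how `interface` can still be NULL when the version check runs, with the guarded check from the "Possible fix" applied. The types, the `Module` struct, `connect_module` and the sample modules are simplified, hypothetical stand-ins, and the fallback to a plain function-list lookup when C_GetInterface is missing is an assumption about the loader flow.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the PKCS#11 types (assumption: not the real headers). */
typedef struct { unsigned char major, minor; } CK_VERSION;
typedef struct { CK_VERSION version; } FUNCTION_LIST;   /* version is the first member */
typedef struct { const char *pInterfaceName; void *pFunctionList; } CK_INTERFACE;
typedef struct { void *ckFunctionListPtr; void *ckFunctionList30Ptr; } ModuleData;

/* Hypothetical model of a loaded library; a NULL pointer means "symbol not exported". */
typedef struct {
    int (*getInterface)(CK_INTERFACE **out);
    int (*getFunctionList)(FUNCTION_LIST **out);
} Module;

static FUNCTION_LIST list_v3 = { {3, 0} };
static FUNCTION_LIST list_v2 = { {2, 40} };
static CK_INTERFACE iface_v3 = { "PKCS 11", &list_v3 };
static int get_list_v3(FUNCTION_LIST **out) { *out = &list_v3; return 0; }
static int get_list_v2(FUNCTION_LIST **out) { *out = &list_v2; return 0; }
static int get_iface_v3(CK_INTERFACE **out) { *out = &iface_v3; return 0; }

/* Constructed sample modules: the first one is the case from the report. */
const Module broken_v3 = { NULL, get_list_v3 };          /* says v3, no C_GetInterface */
const Module proper_v3 = { get_iface_v3, get_list_v3 };
const Module legacy_v2 = { NULL, get_list_v2 };

/* Returns 0 on success, -1 if the module offers no usable function list. */
int connect_module(const Module *m, ModuleData *md) {
    CK_INTERFACE *interface = NULL;
    FUNCTION_LIST *fl = NULL;
    md->ckFunctionListPtr = md->ckFunctionList30Ptr = NULL;
    if (m->getInterface && m->getInterface(&interface) == 0 && interface != NULL) {
        md->ckFunctionListPtr = interface->pFunctionList;
    } else {
        interface = NULL;                                 /* fallback path: no interface */
        if (!m->getFunctionList || m->getFunctionList(&fl) != 0 || fl == NULL) return -1;
        md->ckFunctionListPtr = fl;
    }
    /* Guarded check: the reported version alone does not prove interface is set. */
    if (((CK_VERSION *)md->ckFunctionListPtr)->major == 3 && interface != NULL)
        md->ckFunctionList30Ptr = interface->pFunctionList;
    return 0;
}

int main(void) {
    ModuleData md;
    int rc = connect_module(&broken_v3, &md);
    printf("rc=%d v3.0 list %s\n", rc, md.ckFunctionList30Ptr ? "set" : "NULL");
    return 0;
}
```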
backported by
- JDK-8331300 libj2pkcs11.so crashes on some pkcs#11 v3.0 libraries (Resolved)
- JDK-8334605 libj2pkcs11.so crashes on some pkcs#11 v3.0 libraries (Resolved)

relates to
- JDK-8255409 Support the new C_GetInterfaceList, C_GetInterface, and C_SessionCancel APIs in PKCS#11 v3.0 (Resolved)

links to
- Commit openjdk/jdk21u-dev/568bd67a
- Commit openjdk/jdk/d1c6cd10
- Review openjdk/jdk21u-dev/760
- Review openjdk/jdk/18789