avoid using an uninitialized buffer

2016-06-04 01:02:01 +02:00 · 2016-06-04 01:02:01 +02:00 · 04825d8d7e
commit 04825d8d7e
parent 7eeba1fba8
1 changed files with 15 additions and 3 deletions
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@ -388,6 +388,7 @@ static const char *	CKR2Str(CK_ULONG res);
 static int		p11_test(CK_SESSION_HANDLE session);
 static int test_card_detection(int);
 static int		hex_to_bin(const char *in, CK_BYTE *out, size_t *outlen);
+static void		pseudo_randomize(unsigned char *data, size_t dataLen);
 static void		test_kpgen_certwrite(CK_SLOT_ID slot, CK_SESSION_HANDLE session);
 static void		test_ec(CK_SLOT_ID slot, CK_SESSION_HANDLE session);
 #ifndef _WIN32
@ -3313,6 +3314,7 @@ static int test_digest(CK_SESSION_HANDLE session)
 	}

 	/* 1st test */
+	pseudo_randomize(data, sizeof(data));

 	ck_mech.mechanism = firstMechType;
 	rv = p11->C_DigestInit(session, &ck_mech);
@ -3686,9 +3688,6 @@ static int test_signature(CK_SESSION_HANDLE sess)
 		return 0;
 	}

-	data[0] = 0;
-	data[1] = 1;
-
 	/* 1st test */

 	/* assume --login has already authenticated the key */
@ -3705,6 +3704,8 @@ static int test_signature(CK_SESSION_HANDLE sess)
 		break;
 	}

+	pseudo_randomize(data, dataLen);
+
 	ck_mech.mechanism = firstMechType;
 	rv = p11->C_SignInit(sess, &ck_mech, privKeyObject);
 	/* mechanism not implemented, don't test */
@ -4838,6 +4839,17 @@ static int hex_to_bin(const char *in, unsigned char *out, size_t *outlen)
 	return 1;
 }

+static void pseudo_randomize(unsigned char *data, size_t dataLen)
+{
+	size_t i = 0;
+	/* initialization with some data */
+	while (i < dataLen) {
+		*data = rand() & 0xFF;
+		data++;
+		i++;
+	}
+}
+
 static struct mech_info	p11_mechanisms[] = {
      { CKM_RSA_PKCS_KEY_PAIR_GEN,	"RSA-PKCS-KEY-PAIR-GEN", NULL },
      { CKM_RSA_PKCS,		"RSA-PKCS",	NULL },