ADDITIONAL SYSTEM INFORMATION :
Docker / Centos 8 / JDK 18-22
A DESCRIPTION OF THE PROBLEM :
Lines 230-234 of p11_md.c dereference a NULL pointer if the loaded PKCS#11 library reports major version 3 but does not implement the C_GetInterface function.
Current implementation in JDK 18-22:
    if (((CK_VERSION *)moduleData->ckFunctionListPtr)->major == 3) {
        moduleData->ckFunctionList30Ptr = interface->pFunctionList;
    } else {
        moduleData->ckFunctionList30Ptr = NULL;
    }
Possible fix:
    if (((CK_VERSION *)moduleData->ckFunctionListPtr)->major == 3 && interface != NULL) {
        moduleData->ckFunctionList30Ptr = interface->pFunctionList;
    } else {
        moduleData->ckFunctionList30Ptr = NULL;
    }
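Added example, not code from the bug report or the JDK: a C stand-in for the module-loading step, with hypothetical FakeModule/ModuleData types and two constructed fake modules, showing that the guarded check from the possible fix falls back to the 2.x function list when a module advertising 3.0 exports no C_GetInterface, and selects the 3.0 list only when C_GetInterface exists and succeeds.

```c
#include <stddef.h>

/* Minimal stand-ins for the PKCS#11 types named in the report (constructed
 * for this example, not the real pkcs11.h; `version` is the first member so
 * the report's CK_VERSION cast works the same way). */
typedef struct { unsigned char major, minor; } CK_VERSION;
typedef struct { CK_VERSION version; } CK_FUNCTION_LIST;
typedef struct { CK_VERSION version; } CK_FUNCTION_LIST_3_0;
typedef struct { const char *pInterfaceName; void *pFunctionList; unsigned long flags; } CK_INTERFACE;
typedef int (*C_GetFunctionList_t)(CK_FUNCTION_LIST **);
typedef int (*C_GetInterface_t)(const char *, CK_VERSION *, CK_INTERFACE **, unsigned long);

/* Hypothetical view of what dlsym() hands back for a module: C_GetFunctionList is
 * mandatory, C_GetInterface is NULL when the module does not export the symbol. */
typedef struct { C_GetFunctionList_t getFunctionList; C_GetInterface_t getInterface; } FakeModule;
typedef struct { CK_FUNCTION_LIST *ckFunctionListPtr; CK_FUNCTION_LIST_3_0 *ckFunctionList30Ptr; } ModuleData;

/* Guarded variant of the p11_md.c logic: `interface` is consulted only when
 * C_GetInterface exists and filled it in; otherwise stay on the 2.x list. */
int load_module(const FakeModule *mod, ModuleData *md) {
    CK_INTERFACE *interface = NULL;
    md->ckFunctionList30Ptr = NULL;
    if (mod->getFunctionList(&md->ckFunctionListPtr) != 0) return -1;
    if (mod->getInterface != NULL &&
        mod->getInterface("PKCS 11", NULL, &interface, 0) != 0) interface = NULL;
    if (((CK_VERSION *)md->ckFunctionListPtr)->major == 3 && interface != NULL) {
        md->ckFunctionList30Ptr = interface->pFunctionList;   /* genuine 3.0 module */
    }
    return 0;
}

/* Returns 1 if the 3.0 list was selected, 0 if the 2.x fallback applies, -1 on load error. */
int selects_30_list(const FakeModule *mod) {
    ModuleData md = { NULL, NULL };
    if (load_module(mod, &md) != 0) return -1;
    return md.ckFunctionList30Ptr != NULL;
}

/* Constructed module A: header says 3.0 but exports no C_GetInterface (the crashing case). */
static CK_FUNCTION_LIST list_v3 = { {3, 0} };
static int gfl_v3(CK_FUNCTION_LIST **out) { *out = &list_v3; return 0; }
const FakeModule module_v3_without_interface = { gfl_v3, NULL };

/* Constructed module B: same header, plus a C_GetInterface that returns a 3.0 list. */
static CK_FUNCTION_LIST_3_0 list30 = { {3, 0} };
static CK_INTERFACE iface = { "PKCS 11", &list30, 0 };
static int gi(const char *n, CK_VERSION *v, CK_INTERFACE **out, unsigned long f) { (void)n; (void)v; (void)f; *out = &iface; return 0; }
const FakeModule module_v3_with_interface = { gfl_v3, gi };
```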
REGRESSION : Last worked in version 17.0.10
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Load a pkcs11 native library that reports v3.0 but doesn't implement C_GetInterface()
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The program loads the library without crashing.
ACTUAL -
The Java program crashes in libj2pkcs11 because p11_md.c dereferences a NULL pointer.
---------- BEGIN SOURCE ----------
package com.example;

import java.security.Security;

class Main {
    public static void main(String[] args) {
        Security.getProvider("SunPKCS11").configure("pkcs11.cfg");
    }
}

/* pkcs11.cfg contains something like
   name=PKCS11
   library=/opt/pkcs11/lib64/libpkcs11.so
   slot=1
*/
---------- END SOURCE ----------
FREQUENCY : always