chaps: Police invalid attribute length
The value (CK_ULONG)-1 is used on C_GetAttributeValue to indicate
an error for a particular attribute; as such, this value survives
serialization (in attributes.cc).
However, if an incorrect application turns around and uses this
length value for an attribute on a call to C_SetAttributeValue,
we need to ensure that this doesn't crash chapsd.
In particular, watch out for this specific error value in
ObjectImpl::SetAttributes(); other erroneously-huge values
will only cause problems client-side (because the serialization
TEST=Chaps unit tests (with ASAN) plus PKCS11 tests
Reviewed-by: Darren Krahn <email@example.com>
Commit-Queue: David Drysdale <firstname.lastname@example.org>
Tested-by: David Drysdale <email@example.com>
2 files changed