Fix use-after-free bug in Ctx::initialize #53

Closed

jhagborgftx

Previously, init_args was being destructured by value, causing it to be dropped before C_Initialize was called. This caused undefined behavior. I believe this fixes #49.

The fact that a bug in safe code caused this is a bit worrying. In my opinion, all the function pointers in CK_FUNCTION_LIST should be marked as unsafe, and have safe wrappers that take references rather than raw pointers.

Previously, init_args was being destructured by value, causing it to
be dropped before C_Initialize was called.  This caused undefined
behavior.
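
The drop-order problem this pull request describes, as an added Rust example that is not code from the pull request or the crate. `InitArgs`, `fake_c_initialize`, `trace` and the two `initialize_*` functions are hypothetical stand-ins; the fake call never dereferences the pointer, so the example only traces when the value is dropped relative to the call.

```rust
use std::cell::RefCell;
use std::ptr;
use std::rc::Rc;

type Log = Rc<RefCell<Vec<&'static str>>>;

/// Hypothetical stand-in for the init-args struct; records when it is dropped.
struct InitArgs {
    log: Log,
}

impl Drop for InitArgs {
    fn drop(&mut self) {
        self.log.borrow_mut().push("drop init_args");
    }
}

/// Hypothetical stand-in for the C_Initialize function pointer.
/// It records the call and never dereferences `args`.
fn fake_c_initialize(args: *const InitArgs, log: &Log) {
    let event = if args.is_null() { "C_Initialize(NULL)" } else { "C_Initialize(ptr)" };
    log.borrow_mut().push(event);
}

/// Bug pattern: `Some(args)` moves the value into the match arm, so it is
/// dropped when the arm ends and `p` is already dangling at the call.
fn initialize_by_value(init_args: Option<InitArgs>, log: &Log) {
    let p = match init_args {
        Some(args) => &args as *const InitArgs,
        None => ptr::null(),
    };
    fake_c_initialize(p, log);
}

/// Fixed pattern: match on a reference, so `init_args` stays alive until
/// the function returns, after the call.
fn initialize_by_ref(init_args: Option<InitArgs>, log: &Log) {
    let p = match &init_args {
        Some(args) => args as *const InitArgs,
        None => ptr::null(),
    };
    fake_c_initialize(p, log);
}

/// Runs one variant and returns the order of events it produced.
fn trace(f: fn(Option<InitArgs>, &Log)) -> Vec<&'static str> {
    let log: Log = Rc::new(RefCell::new(Vec::new()));
    f(Some(InitArgs { log: Rc::clone(&log) }), &log);
    let events = log.borrow().clone();
    events
}
```

Both variants compile without `unsafe` because creating a raw pointer is safe; only the order of the two events differs.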
@mheese
Owner

mheese commented Oct 27, 2022

Closing all PRs together with the deprecation notice on the README. Please switch to the cryptoki crate which doesn't have this problem to begin with https://github.com/parallaxsecond/rust-cryptoki

Successfully merging this pull request may close these issues.

Disabling of compiler optimizations needed to prevent non-null pReserved when invoking C_Initialize().