pkcs11-spy.c check return code
The po->C_GetInterface is passed the caller's ppInterface where
*ppInterface may not be valid.

The po->C_GetInterface may not update the *ppInterface and return
an error. In this case spy_interface_function_list should not be called,
as it assumes the *ppInterface has been modified.

Found while debugging Firefox version 121, where Firefox passes a ppInterface
where *ppInterface is not a valid pointer, causing a segfault in
spy_interface_function_list.

Firefox calls C_GetInterface twice with flags = CKF_INTERFACE_FORK_SAFE,
then on the third time requests with flag = 0, which po->GetInterface
can support, and it updates the *ppInterface with valid data.

See OpenSC#2987

 On branch pkcs11-spy-segfault
 Changes to be committed:
	modified:   pkcs11-spy.c
dengert committed Jan 18, 2024
1 parent c2860b0 commit de4c608
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/pkcs11/pkcs11-spy.c
Expand Up @@ -1672,7 +1672,7 @@ C_GetInterface(CK_UTF8CHAR_PTR pInterfaceName, CK_VERSION_PTR pVersion,
(flags & CKF_INTERFACE_FORK_SAFE ? "CKF_INTERFACE_FORK_SAFE" : ""));
if (po->version.major >= 3) {
rv = po->C_GetInterface(pInterfaceName, pVersion, ppInterface, flags);
if (ppInterface != NULL) {
if (rv == CKR_OK && ppInterface != NULL) {
spy_interface_function_list(*ppInterface);
}
} else {
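Review bot: The new condition `if (rv == CKR_OK && ppInterface != NULL)` still hands `*ppInterface` to spy_interface_function_list without checking that the module actually stored a non-NULL pointer there, so a module that returns CKR_OK but leaves the output unset would reproduce the crash described in the commit message. Consider extending the guard to `rv == CKR_OK && ppInterface != NULL && *ppInterface != NULL`. A one-line comment above the check would also help: state that on any error return the caller's `*ppInterface` is left untouched and may be uninitialized, so the reason for testing `rv` stays visible to the next person who edits this wrapper.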