Merge pull request #324 from Jakuje/allowed-mechanism-attribute

wiktor-k · web-flow · commit 979e6314b818 · 2025-12-09T17:06:07.000+01:00
Fix handling empty AllowedMechanisms attribute
diff --git a/cryptoki/src/object.rs b/cryptoki/src/object.rs
@@ -1114,18 +1114,25 @@ impl TryFrom<CK_ATTRIBUTE> for Attribute {
                 Ok(Attribute::ValidationVersion(Version::new(val[0], val[1])))
             }
             AttributeType::AllowedMechanisms => {
-                let val = unsafe {
-                    std::slice::from_raw_parts(
-                        attribute.pValue as *const CK_MECHANISM_TYPE,
-                        attribute.ulValueLen.try_into()?,
-                    )
-                };
-                let types: Vec<MechanismType> = val
-                    .iter()
-                    .copied()
-                    .map(|t| t.try_into())
-                    .collect::<Result<Vec<MechanismType>>>()?;
-                Ok(Attribute::AllowedMechanisms(types))
+                if attribute.ulValueLen == 0 {
+                    /* For zero-length attributes we are getting pointer to static
+                     * buffer of length zero, which can not be used to create slices.
+                     * Short-circuit here to avoid crash (#324) */
+                    Ok(Attribute::AllowedMechanisms(Vec::new()))
+                } else {
+                    let val = unsafe {
+                        std::slice::from_raw_parts(
+                            attribute.pValue as *const CK_MECHANISM_TYPE,
+                            attribute.ulValueLen.try_into()?,
+                        )
+                    };
+                    let types = val
+                        .iter()
+                        .copied()
+                        .map(|t| t.try_into())
+                        .collect::<Result<Vec<_>>>()?;
+                    Ok(Attribute::AllowedMechanisms(types))
+                }
             }
             AttributeType::EndDate => {
                 if val.is_empty() {
diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs
@@ -1117,6 +1117,20 @@ fn import_export() -> TestResult {
         panic!("Expected the Modulus attribute.");
     }
 
+    let mut attrs =
+        session.get_attributes(is_it_the_public_key, &[AttributeType::AllowedMechanisms])?;
+
+    if is_softhsm() {
+        let attr = attrs.remove(0);
+        if let Attribute::AllowedMechanisms(v) = attr {
+            assert_eq!(v, Vec::<MechanismType>::new());
+        } else {
+            panic!("Expected the AllowedMechanisms attribute.");
+        }
+    } else {
+        assert_eq!(attrs, Vec::<Attribute>::new());
+    }
+
     // delete key
     session.destroy_object(is_it_the_public_key)?;
 
