Incorrect parameter passed to deserialize_indirect_attribute

`deserialize_indirect_attribute` expects a pointer to the entire `CK_ATTRIBUTE` object in the second parameter here
https://github.com/OP-TEE/optee_client/blob/master/libckteec/src/serialize_ck.c#L115

The function needs the entire CK_ATTRIBUTE structure to access:

attribute->type - To verify it's a template attribute
attribute->ulValueLen - To calculate the count
attribute->pValue - To get the destination buffer

However, what was actually being passed is just a data pointer, not the complete CK_ATTRIBUTE structure.

https://github.com/OP-TEE/optee_client/blob/master/libckteec/src/serialize_ck.c#L320

In the case of serialize the entire object is passed: https://github.com/OP-TEE/optee_client/blob/master/libckteec/src/serialize_ck.c#L173

Should line 320 be updated?
from:
		`rv = deserialize_indirect_attribute(in, out->pValue);`
to:
		`rv = deserialize_indirect_attribute(in, out);`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Incorrect parameter passed to deserialize_indirect_attribute #410

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Incorrect parameter passed to deserialize_indirect_attribute #410

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions