From b3243a754763f6df19351593781b88e277a324bc Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Sun, 23 May 2021 18:28:57 +0200
Subject: [PATCH] rpc-server: Disable parsing CKF_ARRAY_ATTRIBUTE

This is a temporary measure to avoid oss-fuzz failure.  When the
attribute array is nested, the current internal API cannot determine
the actual size of data that need to be stored, because ulValueLen is
set to the attribute count times sizeof(CK_ATTRIBUTE).

Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
 p11-kit/rpc-client.c | 5 +++++
 p11-kit/rpc-server.c | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c
index 6e9cd60..ae66375 100644
--- a/p11-kit/rpc-client.c
+++ b/p11-kit/rpc-client.c
@@ -241,6 +241,11 @@ proto_read_attribute_array (p11_rpc_message *msg,
 			return PARSE_ERROR;
 		}
 
+		if (temp.type & CKF_ARRAY_ATTRIBUTE) {
+			p11_debug("recursive attribute array is not supported");
+			return PARSE_ERROR;
+		}
+
 		/* Try and stuff it in the output data */
 		if (arr) {
 			CK_ATTRIBUTE *attr = &(arr[i]);
diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
index 796a674..ba7240e 100644
--- a/p11-kit/rpc-server.c
+++ b/p11-kit/rpc-server.c
@@ -323,6 +323,11 @@ proto_read_attribute_array (p11_rpc_message *msg,
 			return PARSE_ERROR;
 		}
 
+		if (temp.type & CKF_ARRAY_ATTRIBUTE) {
+			p11_debug("recursive attribute array is not supported");
+			return PARSE_ERROR;
+		}
+
 		attrs[i].type = temp.type;
 
 		/* Whether this one is valid or not */
-- 
1.8.3.1