Avoid sementation fault in __pkcs11h_crypto_mbedtls_certificate_is_issuer

[ko-maren]

I'm using pkcs11-helper v2.28.0 and mbedtls 3.6.0. There I'm observing a segmentation fault occurring in __pkcs11h_crypto_mbedtls_certificate_is_issuer. This segmentation fault comes from mbedtls (see Mbed-TLS/mbedtls#9570), however it could prevented in pkcs11-helper as well/additional.

Instead of using the memset shortly before calling mbedtls_x509_crt_parse, the segmentation fault does not happened if defining x509_issuer and x509_cert at the beginning of the function.

Possible fix in pkcs11-helper:

static
int
__pkcs11h_crypto_mbedtls_certificate_is_issuer (
	IN void * const global_data,
	IN const unsigned char * const issuer_blob,
	IN const size_t issuer_blob_size,
	IN const unsigned char * const cert_blob,
	IN const size_t cert_blob_size
) {
	mbedtls_x509_crt x509_issuer;
	mbedtls_x509_crt x509_cert;
	memset(&x509_issuer, 0, sizeof(x509_issuer));
	memset(&x509_cert, 0, sizeof(x509_cert));

	uint32_t verify_flags = 0;
	PKCS11H_BOOL is_issuer = FALSE;

	(void)global_data;

	/*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
	_PKCS11H_ASSERT (issuer_blob!=NULL);
	_PKCS11H_ASSERT (cert_blob!=NULL);

	if (0 != mbedtls_x509_crt_parse (&x509_issuer, issuer_blob, issuer_blob_size)) {
		goto cleanup;
	}

	if (0 != mbedtls_x509_crt_parse (&x509_cert, cert_blob, cert_blob_size)) {
		goto cleanup;
	}

	if ( 0 == mbedtls_x509_crt_verify(&x509_cert, &x509_issuer, NULL, NULL,
		&verify_flags, NULL, NULL )) {
		is_issuer = TRUE;
	}

cleanup:
	mbedtls_x509_crt_free(&x509_cert);
	mbedtls_x509_crt_free(&x509_issuer);

	return is_issuer;
}

[ko-maren]

Regarding of the response in the MBedTLS issue, mbedtls_x509_crt_init needs to be called before using x509_issuer and x509_cert. So this needs to be adjusted in __pkcs11h_crypto_mbedtls_certificate_is_issuer