From e437824d38970f581472a26d61043634b515fdb2 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Thu, 3 Jun 2021 07:43:48 +0200
Subject: [PATCH] rpc: Tighten attribute array check with manual enumeration

CKF_ARRAY_ATTRIBUTE is not sufficient to tell if the attribute is
an array of attributes, because the flag is also set for
CKA_ALLOWED_MECHANISMS, which is an array of CK_MECHANISM_TYPE
(unsigned long).  Moreover, our vendor prefix 0x58444700UL masks
the bit.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
 common/attrs.h       | 10 ++++++++++
 p11-kit/rpc-client.c |  3 ++-
 p11-kit/rpc-server.c |  3 ++-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/common/attrs.h b/common/attrs.h
index 278001323..1cf3e034b 100644
--- a/common/attrs.h
+++ b/common/attrs.h
@@ -42,6 +42,16 @@
 
 #define CKA_INVALID ((CK_ULONG)-1)
 
+/* CKF_ARRAY_ATTRIBUTE is not sufficient to tell if the attribute is
+ * an array of attributes, because the flag is also set for
+ * CKA_ALLOWED_MECHANISMS, which is an array of CK_MECHANISM_TYPE
+ * (unsigned long).  Moreover, our vendor prefix 0x58444700UL masks
+ * the bit. */
+#define IS_ATTRIBUTE_ARRAY(attr) \
+	((attr)->type == CKA_WRAP_TEMPLATE ||	\
+	 (attr)->type == CKA_UNWRAP_TEMPLATE ||	\
+	 (attr)->type == CKA_DERIVE_TEMPLATE)
+
 CK_ATTRIBUTE *      p11_attrs_dup           (const CK_ATTRIBUTE *attrs);
 
 CK_ATTRIBUTE *      p11_attrs_build         (CK_ATTRIBUTE *attrs,
diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c
index ae6637511..3fda64109 100644
--- a/p11-kit/rpc-client.c
+++ b/p11-kit/rpc-client.c
@@ -35,6 +35,7 @@
 
 #include "config.h"
 
+#include "attrs.h"
 #define P11_DEBUG_FLAG P11_DEBUG_RPC
 #include "debug.h"
 #include "pkcs11.h"
@@ -241,7 +242,7 @@ proto_read_attribute_array (p11_rpc_message *msg,
 			return PARSE_ERROR;
 		}
 
-		if (temp.type & CKF_ARRAY_ATTRIBUTE) {
+		if (IS_ATTRIBUTE_ARRAY (&temp)) {
 			p11_debug("recursive attribute array is not supported");
 			return PARSE_ERROR;
 		}
diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
index ba7240eab..e4cd3fd63 100644
--- a/p11-kit/rpc-server.c
+++ b/p11-kit/rpc-server.c
@@ -35,6 +35,7 @@
 
 #include "config.h"
 
+#include "attrs.h"
 #include "conf.h"
 #define P11_DEBUG_FLAG P11_DEBUG_RPC
 #include "debug.h"
@@ -323,7 +324,7 @@ proto_read_attribute_array (p11_rpc_message *msg,
 			return PARSE_ERROR;
 		}
 
-		if (temp.type & CKF_ARRAY_ATTRIBUTE) {
+		if (IS_ATTRIBUTE_ARRAY (&temp)) {
 			p11_debug("recursive attribute array is not supported");
 			return PARSE_ERROR;
 		}