Skip to content

Address CodeQL findings in utility and example code#661

Merged
mtrojnar merged 4 commits into
OpenSC:masterfrom
olszomal:code_scanning_alerts
Jul 15, 2026
Merged

Address CodeQL findings in utility and example code#661
mtrojnar merged 4 commits into
OpenSC:masterfrom
olszomal:code_scanning_alerts

Conversation

@olszomal

Copy link
Copy Markdown
Collaborator

Pull Request Type

  • Bug fix
  • New feature
  • Code style / formatting / renaming
  • Refactoring (no functional or API changes)
  • Build / CI related changes
  • Documentation
  • Other (please describe):

Related Issue

Issue number: N/A

Current Behavior

CodeQL reports several issues in utility and example code, including a potential out-of-bounds write when terminating decoded URI attributes, insufficient documentation of certificate selection logic, and incomplete cleansing of PKCS#11 PIN buffers.

Scope of Changes

  • Fix URI decoding buffer handling.
  • Refactor certificate logging and document selection paths.
  • Initialize and cleanse PIN buffer.

Testing

  • Existing tests
  • New tests added
  • Manual testing

Additional Notes

These changes address CodeQL findings without changing the intended PKCS#11 behavior.

License Declaration

  • I hereby agree to license my contribution under the project's license.

olszomal added 4 commits July 15, 2026 13:13
Reserve space for the terminating NUL byte and validate the decoded
length before writing it, preventing a potential out-of-bounds write.

Fixes CodeQL alert OpenSC#7.
@mtrojnar mtrojnar merged commit e2007fb into OpenSC:master Jul 15, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants