diff options
author | djm@openbsd.org <djm@openbsd.org> | 2015-07-18 08:02:17 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-07-20 10:32:25 +1000 |
commit | 63ebcd0005e9894fcd6871b7b80aeea1fec0ff76 (patch) | |
tree | b84db7274b2a52d4f17baeb56f0ee41543d798c3 | |
parent | b15fd989c8c62074397160147a8d5bc34b3f3c63 (diff) |
upstream commit
don't ignore PKCS#11 hosted keys that return empty
CKA_ID; patch by Jakub Jelen via bz#2429; ok markus
Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485
-rw-r--r-- | ssh-pkcs11.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 4156d088..92614a52 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.20 2015/07/18 08:00:21 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.21 2015/07/18 08:02:17 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -481,15 +481,23 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, error("C_GetAttributeValue failed: %lu", rv); continue; } - /* check that none of the attributes are zero length */ - if (attribs[0].ulValueLen == 0 || - attribs[1].ulValueLen == 0 || + /* + * Allow CKA_ID (always first attribute) to be empty, but + * ensure that none of the others are zero length. + * XXX assumes CKA_ID is always first. + */ + if (attribs[1].ulValueLen == 0 || attribs[2].ulValueLen == 0) { continue; } /* allocate buffers for attributes */ - for (i = 0; i < 3; i++) - attribs[i].pValue = xmalloc(attribs[i].ulValueLen); + for (i = 0; i < 3; i++) { + if (attribs[i].ulValueLen > 0) { + attribs[i].pValue = xmalloc( + attribs[i].ulValueLen); + } + } + /* * retrieve ID, modulus and public exponent of RSA key, * or ID, subject and value for certificates. |