[Bug 1773] New: PKCS#11 authentication fails with "xmalloc: zero size" for some certificates.

bugzilla-daemon at bugzilla.mindrot.org
Thu Jun 3 05:40:32 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1773

           Summary: PKCS#11 authentication fails with "xmalloc: zero size"
                    for some certificates.
           Product: Portable OpenSSH
           Version: 5.5p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Smartcard
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: mdrtbugzilla at codefive.co.uk


Created attachment 1851
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1851
Patch to fix xmalloc error when using pkcs11 for auth

I've been trying to use an Aladdin eToken PRO 64k (4.2) USB smart card
for public key ssh authentication (using the -I option with the PKCS11
library for the eToken), but OpenSSH would abort with the message:

xmalloc: zero size

I tracked this down to the pkcs11_fetch_keys function in ssh-pkcs11.c,
and discovered that C_GetAttributeValue returns a ulValueLen of 0 for
some of the attributes for some of my certificates.  I believe that
this may be being caused by some CA certificates that I also have on
the eToken, which are stored without their private keys.

The attached patch (against CVS) resolves this issue by skipping to the
next certificate if any of the three attributes are returned as having
zero length.  This should not affect operation for users currently not
experiencing this error.

I'm using Cygwin under Windows 7 x64, but I believe that this would
happen on other platforms, so I've set Hardware and OS to All.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
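
The failure and the skip described in the report, as an added C example; it is not the attached patch and not OpenSSH code. `struct attr`, `strict_alloc`, `fetch_certs` and the length table are hypothetical stand-ins (for `CK_ATTRIBUTE`, `xmalloc`, the fetch loop and the token's answers), and the sample lengths are constructed.

```c
#include <stdlib.h>

/* Stand-in for CK_ATTRIBUTE from pkcs11.h (assumption: only these fields matter here). */
struct attr { void *value; unsigned long len; };

/* Constructed sample: attribute lengths a token reports for three certificate
 * objects. Object 1 models a certificate that reports an empty attribute. */
static const unsigned long sample_len[3][3] = {
    { 4, 32, 600 }, { 0, 40, 700 }, { 2, 28, 512 },
};

/* Models xmalloc(): a zero-size request is fatal there; here it returns NULL. */
static void *strict_alloc(unsigned long n) { return n == 0 ? NULL : malloc(n); }

/* Walks the objects the way a two-call attribute fetch does: learn the
 * lengths, allocate, then read. Returns the number of usable certificates,
 * or -1 where the real code would abort. With skip_empty set, an object that
 * reports a zero-length attribute is skipped before any allocation. */
int fetch_certs(int skip_empty, int *skipped) {
    int usable = 0;
    *skipped = 0;
    for (int obj = 0; obj < 3; obj++) {
        struct attr a[3] = { { NULL, 0 }, { NULL, 0 }, { NULL, 0 } };
        int i, failed = 0;
        for (i = 0; i < 3; i++)          /* first call: lengths only */
            a[i].len = sample_len[obj][i];
        if (skip_empty && (a[0].len == 0 || a[1].len == 0 || a[2].len == 0)) {
            (*skipped)++;
            continue;                    /* move on to the next certificate */
        }
        for (i = 0; i < 3; i++)          /* buffers for the second call */
            if ((a[i].value = strict_alloc(a[i].len)) == NULL)
                failed = 1;
        for (i = 0; i < 3; i++)
            free(a[i].value);
        if (failed)
            return -1;                   /* models "xmalloc: zero size" */
        usable++;
    }
    return usable;
}

int main(void) {
    int skipped;
    return fetch_certs(1, &skipped) == 2 ? 0 : 1;
}
```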

