[Bug 1773] New: PKCS#11 authentication fails with "xmalloc: zero size" for some certificates.
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Thu Jun 3 05:40:32 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1773
Summary: PKCS#11 authentication fails with "xmalloc: zero size"
for some certificates.
Product: Portable OpenSSH
Version: 5.5p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: mdrtbugzilla at codefive.co.uk
Created attachment 1851
--> https://bugzilla.mindrot.org/attachment.cgi?id=1851
Patch to fix xmalloc error when using pkcs11 for auth
I've been trying to use an Aladdin eToken PRO 64k (4.2) USB smart card
for public key ssh authentication (using the -I option with the PKCS11
library for the eToken), but OpenSSH would abort with the message:
xmalloc: zero size
I tracked this down to the pkcs11_fetch_keys function in ssh-pkcs11.c,
and discovered that C_GetAttributeValue returns a ulValueLen of 0 for
some of the attributes for some of my certificates. I believe that
this may be being caused by some CA certificates that I also have on
the eToken, which are stored without their private keys.
The attached patch (against CVS) resolves this issue by skipping to the
next certificate if any of the three attributes are returned as having
zero length. This should not affect operation for users currently not
experiencing this error.
I'm using Cygwin under Windows 7 x64, but I believe that this would
happen on other platforms, so I've set Hardware and OS to All.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list