[Bug 3327] New: Wrong index used in pkcs11 cert attribute array when fetching x509 subject name

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jun 24 03:03:24 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3327

            Bug ID: 3327
           Summary: Wrong index used in pkcs11 cert attribute array when
                    fetching x509 subject name
           Product: Portable OpenSSH
           Version: 8.6p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Smartcard
          Assignee: unassigned-bugs at mindrot.org
          Reporter: leif.thuresson at helpsystems.com

Result is that key label is set to "invalid subject" instead of
certificate subject name.

Here is a fix diff against openssh-portable master branch



diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 844aa9ff..a727d1bd 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -973,7 +973,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p,
CK_ULONG slotidx,
        }

        /* Decode DER-encoded cert subject */
-       cp = cert_attr[2].pValue;
+       cp = cert_attr[1].pValue;
        if ((x509_name = d2i_X509_NAME(NULL, &cp,
            cert_attr[1].ulValueLen)) == NULL ||
            (subject = X509_NAME_oneline(x509_name, NULL, 0)) == NULL)
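
Review bot: the buffer pointer and the length handed to d2i_X509_NAME are still taken from two separately written literal indices (cert_attr[1].pValue on the changed line, cert_attr[1].ulValueLen two lines below), which is the pattern that let them drift apart. Consider naming the subject slot once, for example with an enum or #define for the index or a local pointer to that attribute, and using it for both pValue and ulValueLen. It is also worth noting in the commit message, alongside the "invalid subject" label symptom, that the old line decoded the buffer of attribute 2 with the length of attribute 1, so the bound given to the decoder did not belong to the buffer being decoded.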
