https://bugzilla.mindrot.org/show_bug.cgi?id=1773
Summary: PKCS#11 authentication fails with "xmalloc: zero size"
for some certificates.
Product: Portable OpenSSH
Version: 5.5p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo: [email protected]
ReportedBy: [email protected]
Created attachment 1851
--> https://bugzilla.mindrot.org/attachment.cgi?id=1851
Patch to fix xmalloc error when using pkcs11 for auth
I've been trying to use an Aladdin eToken PRO 64k (4.2) USB smart card
for public key ssh authentication (using the -I option with the PKCS11
library for the eToken), but OpenSSH would abort with the message:
xmalloc: zero size
I tracked this down to the pkcs11_fetch_keys function in ssh-pkcs11.c,
and discovered that C_GetAttributeValue returns a ulValueLen of 0 for
some of the attributes for some of my certificates. I believe that
this may be being caused by some CA certificates that I also have on
the eToken, which are stored without their private keys.
The attached patch (against CVS) resolves this issue by skipping to the
next certificate if any of the three attributes are returned as having
zero length. This should not affect operation for users currently not
experiencing this error.
I'm using Cygwin under Windows 7 x64, but I believe that this would
happen on other platforms, so I've set Hardware and OS to All.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
