diff options
author | Damien Miller <djm@mindrot.org> | 2010-06-26 09:36:10 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-06-26 09:36:10 +1000 |
commit | 4fe686d35fc1bbf5f160d1619ab392e09f3bd5c5 (patch) | |
tree | 9f073de6619c7692540348def963891ea9917454 | |
parent | 2e77446a13b0fd09c94c1a3d088b7d7e7e479fd3 (diff) |
- markus@cvs.openbsd.org 2010/06/08 21:32:19
[ssh-pkcs11.c]
check length of value returned C_GetAttributValue for != 0
from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | ssh-pkcs11.c | 10 |
2 files changed, 12 insertions, 2 deletions
@@ -3,6 +3,10 @@ | |||
3 | - djm@cvs.openbsd.org 2010/05/21 05:00:36 | 3 | - djm@cvs.openbsd.org 2010/05/21 05:00:36 |
4 | [misc.c] | 4 | [misc.c] |
5 | colon() returns char*, so s/return (0)/return NULL/ | 5 | colon() returns char*, so s/return (0)/return NULL/ |
6 | - markus@cvs.openbsd.org 2010/06/08 21:32:19 | ||
7 | [ssh-pkcs11.c] | ||
8 | check length of value returned C_GetAttributValue for != 0 | ||
9 | from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@ | ||
6 | 10 | ||
7 | 20100622 | 11 | 20100622 |
8 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 | 12 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 |
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 9460446d3..286c232c7 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-pkcs11.c,v 1.5 2010/04/15 20:32:55 markus Exp $ */ | 1 | /* $OpenBSD: ssh-pkcs11.c,v 1.6 2010/06/08 21:32:19 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -433,7 +433,13 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, Key ***keysp, | |||
433 | error("C_GetAttributeValue failed: %lu", rv); | 433 | error("C_GetAttributeValue failed: %lu", rv); |
434 | continue; | 434 | continue; |
435 | } | 435 | } |
436 | /* allocate buffers for attributes, XXX check ulValueLen? */ | 436 | /* check that none of the attributes are zero length */ |
437 | if (attribs[0].ulValueLen == 0 || | ||
438 | attribs[1].ulValueLen == 0 || | ||
439 | attribs[2].ulValueLen == 0) { | ||
440 | continue; | ||
441 | } | ||
442 | /* allocate buffers for attributes */ | ||
437 | for (i = 0; i < 3; i++) | 443 | for (i = 0; i < 3; i++) |
438 | attribs[i].pValue = xmalloc(attribs[i].ulValueLen); | 444 | attribs[i].pValue = xmalloc(attribs[i].ulValueLen); |
439 | /* retrieve ID, modulus and public exponent of RSA key */ | 445 | /* retrieve ID, modulus and public exponent of RSA key */ |