diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-02-04 23:37:54 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-02-05 11:45:38 +1100 |
| commit | 7a7fdca78de4b4774950be056099e579ef595414 (patch) | |
| tree | 9314b168faeea9698bc63722db324e7ccbc88563 /ssh-pkcs11.c | |
| parent | cac302a4b42a988e54d32eb254b29b79b648dbf5 (diff) | |
upstream: fix NULL-deref crash in PKCS#11 code when attempting
login to a token requiring a PIN; reported by benno@ fix mostly by markus@
OpenBSD-Commit-ID: 438d0b114b1b4ba25a9869733db1921209aa9a31
Diffstat (limited to 'ssh-pkcs11.c')
| -rw-r--r-- | ssh-pkcs11.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index f116e4051..a1a2bab45 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-pkcs11.c,v 1.41 2019/01/22 12:03:58 djm Exp $ */ | 1 | /* $OpenBSD: ssh-pkcs11.c,v 1.42 2019/02/04 23:37:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2014 Pedro Martelletto. All rights reserved. | 4 | * Copyright (c) 2014 Pedro Martelletto. All rights reserved. |
| @@ -625,6 +625,7 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin, | |||
| 625 | CK_RV rv; | 625 | CK_RV rv; |
| 626 | CK_SESSION_HANDLE session; | 626 | CK_SESSION_HANDLE session; |
| 627 | int login_required, have_pinpad, ret; | 627 | int login_required, have_pinpad, ret; |
| 628 | char prompt[1024], *xpin = NULL; | ||
| 628 | 629 | ||
| 629 | f = p->function_list; | 630 | f = p->function_list; |
| 630 | si = &p->slotinfo[slotidx]; | 631 | si = &p->slotinfo[slotidx]; |
| @@ -633,7 +634,8 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin, | |||
| 633 | login_required = si->token.flags & CKF_LOGIN_REQUIRED; | 634 | login_required = si->token.flags & CKF_LOGIN_REQUIRED; |
| 634 | 635 | ||
| 635 | /* fail early before opening session */ | 636 | /* fail early before opening session */ |
| 636 | if (login_required && !have_pinpad && pin != NULL && strlen(pin) == 0) { | 637 | if (login_required && !have_pinpad && !pkcs11_interactive && |
| 638 | (pin == NULL || strlen(pin) == 0)) { | ||
| 637 | error("pin required"); | 639 | error("pin required"); |
| 638 | return (-SSH_PKCS11_ERR_PIN_REQUIRED); | 640 | return (-SSH_PKCS11_ERR_PIN_REQUIRED); |
| 639 | } | 641 | } |
| @@ -647,8 +649,21 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin, | |||
| 647 | /* defer PIN entry to the reader keypad */ | 649 | /* defer PIN entry to the reader keypad */ |
| 648 | rv = f->C_Login(session, CKU_USER, NULL_PTR, 0); | 650 | rv = f->C_Login(session, CKU_USER, NULL_PTR, 0); |
| 649 | } else { | 651 | } else { |
| 652 | if (pkcs11_interactive) { | ||
| 653 | snprintf(prompt, sizeof(prompt), | ||
| 654 | "Enter PIN for '%s': ", si->token.label); | ||
| 655 | if ((xpin = read_passphrase(prompt, | ||
| 656 | RP_ALLOW_EOF)) == NULL) { | ||
| 657 | debug("%s: no pin specified", | ||
| 658 | __func__); | ||
| 659 | return (-SSH_PKCS11_ERR_PIN_REQUIRED); | ||
| 660 | } | ||
| 661 | pin = xpin; | ||
| 662 | } | ||
| 650 | rv = f->C_Login(session, CKU_USER, | 663 | rv = f->C_Login(session, CKU_USER, |
| 651 | (u_char *)pin, strlen(pin)); | 664 | (u_char *)pin, strlen(pin)); |
| 665 | if (xpin != NULL) | ||
| 666 | freezero(xpin, strlen(xpin)); | ||
| 652 | } | 667 | } |
| 653 | if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { | 668 | if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { |
| 654 | error("C_Login failed: %lu", rv); | 669 | error("C_Login failed: %lu", rv); |