openssh bugs - Jun 2010 - [Bug 1773] New: PKCS#11 authentication fails with "xmalloc: zero size" for some certificates.

https://bugzilla.mindrot.org/show_bug.cgi?id=1773

           Summary: PKCS#11 authentication fails with "xmalloc: zero
size"
                    for some certificates.
           Product: Portable OpenSSH
           Version: 5.5p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Smartcard
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: mdrtbugzilla at codefive.co.uk


Created attachment 1851
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1851
Patch to fix xmalloc error when using pkcs11 for auth

I've been trying to use an Aladdin eToken PRO 64k (4.2) USB smart card
for public key ssh authentication (using the -I option with the PKCS11
library for the eToken), but OpenSSH would abort with the message:

xmalloc: zero size

I tracked this down to the pkcs11_fetch_keys function in ssh-pkcs11.c,
and discovered that C_GetAttributeValue returns a ulValueLen of 0 for
some of the attributes for some of my certificates.  I believe that
this may be being caused by some CA certificates that I also have on
the eToken, which are stored without their private keys.

The attached patch (against CVS) resolves this issue by skipping to the
next certificate if any of the three attributes are returned as having
zero length.  This should not affect operation for users currently not
experiencing this error.

I'm using Cygwin under Windows 7 x64, but I believe that this would
happen on other platforms, so I've set Hardware and OS to All.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1773

Matt Robinson <mdrtbugzilla at codefive.co.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1851|application/octet-stream    |text/plain
          mime type|                            |
   Attachment #1851|0                           |1
           is patch|                            |

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1773

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Blocks|                            |1708

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1773

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #1 from Damien Miller <djm at mindrot.org>  ---
Fix applied - this will be in OpenSSH 5.6. Thanks!

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1773

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> 2011-01-24 12:33:55
EST ---
Move resolved bugs to CLOSED after 5.7 release

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.