openssh bugs - Jun 2021 - [Bug 3327] New: Wrong index used in pkcs11 cert attribute array when fetching x509 subject name

https://bugzilla.mindrot.org/show_bug.cgi?id=3327

            Bug ID: 3327
           Summary: Wrong index used in pkcs11 cert attribute array when
                    fetching x509 subject name
           Product: Portable OpenSSH
           Version: 8.6p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Smartcard
          Assignee: unassigned-bugs at mindrot.org
          Reporter: leif.thuresson at helpsystems.com

Result is that key label is set to "invalid subject" instead of
certificate subject name.

Here is a fix diff against openssh-portable master branch



diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 844aa9ff..a727d1bd 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -973,7 +973,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p,
CK_ULONG slotidx,
        }

        /* Decode DER-encoded cert subject */
-       cp = cert_attr[2].pValue;
+       cp = cert_attr[1].pValue;
        if ((x509_name = d2i_X509_NAME(NULL, &cp,
            cert_attr[1].ulValueLen)) == NULL ||
            (subject = X509_NAME_oneline(x509_name, NULL, 0)) == NULL)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3327

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Status|NEW                         |ASSIGNED
             Blocks|                            |3302


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3302
[Bug 3302] Tracking bug for openssh-8.7
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3327

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
committed as d443006c0 and will be in the openssh-8.7 release - thanks!

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.