https://bugzilla.mindrot.org/show_bug.cgi?id=2474
Dmitry Savintsev <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3069|0                           |1
        is obsolete|                            |
                 CC|                            |[email protected]

--- Comment #9 from Dmitry Savintsev <[email protected]> ---
Created attachment 3093
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3093&action=edit
Fifth Iteration off 7.6p1

I believe there is a small bug in the previous version of the patch ("Updated for 7.6p1" - 2017-10-20 15:48 EST) with missing zero check on k11->keyid_len before calling xmalloc in pkcs11_ecdsa_wrap. This leads to ssh-pkcs11-helper crashing when trying to add a SoftHSM (https://www.opendnssec.org/softhsm/) card with an ECDSA key (though it works fine with only RSA keys present). The check "if (k11->keyid_len > 0) {" is present in the pkcs11_rsa_wrap function, now added also in pkcs11_ecdsa_wrap.

I also uploaded the 7.6p1 version with the previous ("Updated for 7.6p1") patch to https://github.com/dmitris/openssh-portable/tree/7.6p1-bug2474-patch, the version with the current fix is in https://github.com/dmitris/openssh-portable/tree/7.6p1-bug2474-patch-fix and the diff can be seen in the demo PR https://github.com/dmitris/openssh-portable/pull/1/files.

With the fix applied, I was able to successfully add the SoftHSM "card" with ECDSA keys with "ssh-add -s /usr/local/lib/softhsm/libsofthsm2.so".

(Thanks so much Mathias for creating the patch and making this possible!)
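The zero-length check described in the comment above, as an added example that is not part of the original comment or of the OpenSSH patch. It assumes an allocator that treats a zero-size request as fatal, as OpenSSH's xmalloc does; `strict_alloc`, `struct key_wrap`, `wrap_unguarded`, `wrap_guarded`, `hits_fatal` and `sample_id` are hypothetical names, and the stand-in sets a flag instead of exiting so both paths can be compared.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in allocator (assumption): a zero-size request is a fatal error.
 * It only records the event here; a real helper process would exit. */
static int fatal_called = 0;
static void *strict_alloc(size_t size)
{
    if (size == 0) { fatal_called = 1; return NULL; }
    void *p = malloc(size);
    if (p == NULL) abort();
    return p;
}

/* Hypothetical, reduced key wrapper holding only the key ID fields. */
struct key_wrap { unsigned char *keyid; size_t keyid_len; };

/* Unguarded copy: reaches the allocator even when the key ID is empty. */
static void wrap_unguarded(struct key_wrap *k, const unsigned char *id, size_t len)
{
    k->keyid_len = len;
    k->keyid = strict_alloc(len);
    if (k->keyid != NULL) memcpy(k->keyid, id, len);
}

/* Guarded copy: same shape as the "if (k11->keyid_len > 0) {" check. */
static void wrap_guarded(struct key_wrap *k, const unsigned char *id, size_t len)
{
    k->keyid_len = len;
    k->keyid = NULL;
    if (k->keyid_len > 0) {
        k->keyid = strict_alloc(k->keyid_len);
        memcpy(k->keyid, id, k->keyid_len);
    }
}

/* Returns 1 if wrapping a key ID of this length hit the fatal path. */
static int hits_fatal(int guarded, const unsigned char *id, size_t len)
{
    struct key_wrap k;
    fatal_called = 0;
    if (guarded) wrap_guarded(&k, id, len); else wrap_unguarded(&k, id, len);
    free(k.keyid);
    return fatal_called;
}

static const unsigned char sample_id[] = { 0x01, 0x02, 0x03, 0x04 }; /* constructed */

int main(void)
{
    printf("empty id: unguarded fatal=%d, guarded fatal=%d\n",
           hits_fatal(0, sample_id, 0), hits_fatal(1, sample_id, 0));
    return 0;
}
```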
