summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-02-05 00:37:54 +0100
committerDamien Miller <djm@mindrot.org>2019-02-05 01:45:38 +0100
commit7a7fdca78de4b4774950be056099e579ef595414 (patch)
tree9314b168faeea9698bc63722db324e7ccbc88563
parentupstream: Remove obsolete "Protocol" from commented out examples. Patch (diff)
downloadopenssh-7a7fdca78de4b4774950be056099e579ef595414.tar.xz
openssh-7a7fdca78de4b4774950be056099e579ef595414.zip
upstream: fix NULL-deref crash in PKCS#11 code when attempting
login to a token requiring a PIN; reported by benno@ fix mostly by markus@ OpenBSD-Commit-ID: 438d0b114b1b4ba25a9869733db1921209aa9a31
-rw-r--r--ssh-pkcs11.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index f116e4051..a1a2bab45 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.41 2019/01/22 12:03:58 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.42 2019/02/04 23:37:54 djm Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
* Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -625,6 +625,7 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin,
CK_RV rv;
CK_SESSION_HANDLE session;
int login_required, have_pinpad, ret;
+ char prompt[1024], *xpin = NULL;
f = p->function_list;
si = &p->slotinfo[slotidx];
@@ -633,7 +634,8 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin,
login_required = si->token.flags & CKF_LOGIN_REQUIRED;
/* fail early before opening session */
- if (login_required && !have_pinpad && pin != NULL && strlen(pin) == 0) {
+ if (login_required && !have_pinpad && !pkcs11_interactive &&
+ (pin == NULL || strlen(pin) == 0)) {
error("pin required");
return (-SSH_PKCS11_ERR_PIN_REQUIRED);
}
@@ -647,8 +649,21 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin,
/* defer PIN entry to the reader keypad */
rv = f->C_Login(session, CKU_USER, NULL_PTR, 0);
} else {
+ if (pkcs11_interactive) {
+ snprintf(prompt, sizeof(prompt),
+ "Enter PIN for '%s': ", si->token.label);
+ if ((xpin = read_passphrase(prompt,
+ RP_ALLOW_EOF)) == NULL) {
+ debug("%s: no pin specified",
+ __func__);
+ return (-SSH_PKCS11_ERR_PIN_REQUIRED);
+ }
+ pin = xpin;
+ }
rv = f->C_Login(session, CKU_USER,
(u_char *)pin, strlen(pin));
+ if (xpin != NULL)
+ freezero(xpin, strlen(xpin));
}
if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
error("C_Login failed: %lu", rv);