diff options
| author | Will Fiveash <will.fiveash@oracle.com> | 2010-07-28 17:47:31 -0500 |
|---|---|---|
| committer | Will Fiveash <will.fiveash@oracle.com> | 2010-07-28 17:47:31 -0500 |
| commit | 03e68e16360787df5115ab1eaf2a78ff24c65ef5 (patch) | |
| tree | 7c9879f093249e71dcca3dd62cb49a9f1d78e6dd /usr/src/lib/krb5/plugins | |
| parent | a1219d13c55c5c19f908e22969fca7a55982b14b (diff) | |
| download | illumos-gate-03e68e16360787df5115ab1eaf2a78ff24c65ef5.tar.gz | |
6936364 pkinit plugin mishandles the token label
Diffstat (limited to 'usr/src/lib/krb5/plugins')
| -rw-r--r-- | usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 42 |
1 files changed, 34 insertions, 8 deletions
diff --git a/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c index d73efc201a..a41b281481 100644 --- a/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -44,6 +44,7 @@ /* Solaris Kerberos */ #include <libintl.h> #include "k5-int.h" +#include <ctype.h> /* * Q: What is this SILLYDECRYPT stuff about? @@ -3476,7 +3477,6 @@ pkinit_open_session(krb5_context context, pkinit_identity_crypto_context cctx) { int i, r; - unsigned char *cp; CK_ULONG count = 0; CK_SLOT_ID_PTR slotlist; CK_TOKEN_INFO tinfo; @@ -3538,14 +3538,40 @@ pkinit_open_session(krb5_context context, pkiDebug("C_GetTokenInfo: %s\n", pkinit_pkcs11_code_to_text(r)); return KRB5KDC_ERR_PREAUTH_FAILED; } - for (cp = tinfo.label + sizeof (tinfo.label) - 1; - *cp == '\0' || *cp == ' '; cp--) - *cp = '\0'; - pkiDebug("open_session: slotid %d token \"%s\"\n", - (int) slotlist[i], tinfo.label); - if (cctx->token_label == NULL || - !strcmp((char *) cctx->token_label, (char *) tinfo.label)) + + if (cctx->token_label == NULL) { + /* nothing to compare to assume this is the right token */ break; + } else { + /* + 1 so tokenlabelstr can be \0 terminated */ + char tokenlabelstr[sizeof (tinfo.label) + 1]; + int j; + + /* + * Convert token label into C string with trailing white space trimmed. + * Note, a token label is not a \0 terminated string. + */ + /* + * \0 terminate tokenlabelstr in case the last char in the token + * label is non-whitespace + */ + tokenlabelstr[sizeof (tokenlabelstr) - 1] = '\0'; + (void) memcpy(tokenlabelstr, (char *) tinfo.label, sizeof (tinfo.label)); + /* init j so it skips the \0 terminator */ + for (j = sizeof (tinfo.label) - 1; j >= 0; j--) { + if (isblank(tokenlabelstr[j])) + tokenlabelstr[j] = '\0'; + else + break; + } + + pkiDebug("open_session: slotid %d token found: \"%s\", " + "cctx->token_label: \"%s\"\n", + slotlist[i], tokenlabelstr, (char *) cctx->token_label); + if (!strcmp(cctx->token_label, tokenlabelstr)) { + break; + } + } cctx->p11->C_CloseSession(cctx->session); } if (i >= count) { |