upstream: don't incorrectly truncate logged strings retrieved from
PKCS#11 modules; based on GHPR406 by Jakub Jelen; ok markus OpenBSD-Commit-ID: 7ed1082f23a13b38c373008f856fd301d50012f9
This commit is contained in:
parent
d1ffde6b55
commit
6958f00acf
37
ssh-pkcs11.c
37
ssh-pkcs11.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-pkcs11.c,v 1.58 2023/07/19 14:02:27 djm Exp $ */
|
||||
/* $OpenBSD: ssh-pkcs11.c,v 1.59 2023/07/27 22:26:49 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2010 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2014 Pedro Martelletto. All rights reserved.
|
||||
|
@ -623,19 +623,22 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
|
|||
#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
|
||||
|
||||
/* remove trailing spaces */
|
||||
static void
|
||||
static char *
|
||||
rmspace(u_char *buf, size_t len)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
if (!len)
|
||||
return;
|
||||
if (len == 0)
|
||||
return buf;
|
||||
for (i = len - 1; i > 0; i--)
|
||||
if (i == len - 1 || buf[i] == ' ')
|
||||
if (buf[i] == ' ')
|
||||
buf[i] = '\0';
|
||||
else
|
||||
break;
|
||||
return buf;
|
||||
}
|
||||
/* Used to printf fixed-width, space-padded, unterminated strings using %.*s */
|
||||
#define RMSPACE(s) (int)sizeof(s), rmspace(s, sizeof(s))
|
||||
|
||||
/*
|
||||
* open a pkcs11 session and login if required.
|
||||
|
@ -1564,15 +1567,13 @@ pkcs11_register_provider(char *provider_id, char *pin,
|
|||
provider_id, rv);
|
||||
goto fail;
|
||||
}
|
||||
rmspace(p->info.manufacturerID, sizeof(p->info.manufacturerID));
|
||||
rmspace(p->info.libraryDescription, sizeof(p->info.libraryDescription));
|
||||
debug("provider %s: manufacturerID <%s> cryptokiVersion %d.%d"
|
||||
" libraryDescription <%s> libraryVersion %d.%d",
|
||||
debug("provider %s: manufacturerID <%.*s> cryptokiVersion %d.%d"
|
||||
" libraryDescription <%.*s> libraryVersion %d.%d",
|
||||
provider_id,
|
||||
p->info.manufacturerID,
|
||||
RMSPACE(p->info.manufacturerID),
|
||||
p->info.cryptokiVersion.major,
|
||||
p->info.cryptokiVersion.minor,
|
||||
p->info.libraryDescription,
|
||||
RMSPACE(p->info.libraryDescription),
|
||||
p->info.libraryVersion.major,
|
||||
p->info.libraryVersion.minor);
|
||||
if ((rv = f->C_GetSlotList(CK_TRUE, NULL, &p->nslots)) != CKR_OK) {
|
||||
|
@ -1607,15 +1608,13 @@ pkcs11_register_provider(char *provider_id, char *pin,
|
|||
"provider %s slot %lu", provider_id, (u_long)i);
|
||||
continue;
|
||||
}
|
||||
rmspace(token->label, sizeof(token->label));
|
||||
rmspace(token->manufacturerID, sizeof(token->manufacturerID));
|
||||
rmspace(token->model, sizeof(token->model));
|
||||
rmspace(token->serialNumber, sizeof(token->serialNumber));
|
||||
debug("provider %s slot %lu: label <%s> manufacturerID <%s> "
|
||||
"model <%s> serial <%s> flags 0x%lx",
|
||||
debug("provider %s slot %lu: label <%.*s> "
|
||||
"manufacturerID <%.*s> model <%.*s> serial <%.*s> "
|
||||
"flags 0x%lx",
|
||||
provider_id, (unsigned long)i,
|
||||
token->label, token->manufacturerID, token->model,
|
||||
token->serialNumber, token->flags);
|
||||
RMSPACE(token->label), RMSPACE(token->manufacturerID),
|
||||
RMSPACE(token->model), RMSPACE(token->serialNumber),
|
||||
token->flags);
|
||||
/*
|
||||
* open session, login with pin and retrieve public
|
||||
* keys (if keyp is provided)
|
||||
|
|
Loading…
Reference in New Issue