avoid fatal() for PKCS11 tokens that present empty key IDs

bz#1773, ok markus@
author: djm <djm@openbsd.org> 2016-02-12 00:20:30 +0000
committer: djm <djm@openbsd.org> 2016-02-12 00:20:30 +0000
commit: 14fcadb63fcbecf6250399d245d234000659d548 (patch)
tree: d7e65a01922f6b04ee954c37994a990f4be35376
parent: hexidecimal -> hexadecimal (diff)
download: wireguard-openbsd-14fcadb63fcbecf6250399d245d234000659d548.tar.xz
wireguard-openbsd-14fcadb63fcbecf6250399d245d234000659d548.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/usr.bin/ssh/ssh-pkcs11.c b/usr.bin/ssh/ssh-pkcs11.c
index 7af883f0ad5..d2e20edfd65 100644
--- a/usr.bin/ssh/ssh-pkcs11.c
+++ b/usr.bin/ssh/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.21 2015/07/18 08:02:17 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.22 2016/02/12 00:20:30 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -313,8 +313,10 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
 	k11->slotidx = slotidx;
 	/* identify key object on smartcard */
 	k11->keyid_len = keyid_attrib->ulValueLen;
-	k11->keyid = xmalloc(k11->keyid_len);
-	memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
+	if (k11->keyid_len > 0) {
+		k11->keyid = xmalloc(k11->keyid_len);
+		memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
+	}
 	k11->orig_finish = def->finish;
 	memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method));
 	k11->rsa_method.name = "pkcs11";
author	djm <djm@openbsd.org>	2016-02-12 00:20:30 +0000
committer	djm <djm@openbsd.org>	2016-02-12 00:20:30 +0000
commit	14fcadb63fcbecf6250399d245d234000659d548 (patch)
tree	d7e65a01922f6b04ee954c37994a990f4be35376
parent	hexidecimal -> hexadecimal (diff)
download	wireguard-openbsd-14fcadb63fcbecf6250399d245d234000659d548.tar.xz wireguard-openbsd-14fcadb63fcbecf6250399d245d234000659d548.zip