[krbdev.mit.edu #7916] git commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Fri Jun 27 12:34:55 EDT 2014
Don't blindly use PKCS11 slot IDs in PKINIT
Passing invalid slot IDs to C_OpenSession can cause some PKCS #11
implementations (such as the Solaris one) to crash. If a PKINIT
identity specifies a slotid, use it to filter the result of
C_GetSlotList, but don't try it if it does not appear in the list.
(cherry picked from commit ac406bac3d73a7e4efcc74adbb90c722457da969)
https://github.com/krb5/krb5/commit/2e56aa65e8d362b2ffe90c61e377594c822e893d
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: 2e56aa65e8d362b2ffe90c61e377594c822e893d
Branch: krb5-1.12
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 27 +++++++++----------
1 files changed, 13 insertions(+), 14 deletions(-)
More information about the krb5-bugs
mailing list