[gnutls-devel] GnuTLS | p11tool crashes when trying to display very long CKA_IDs (#520)

Mark Ignacio gitlab at mg.gitlab.com
Tue Jul 17 19:28:51 CEST 2018

New Issue was created.

Issue 520: https://gitlab.com/gnutls/gnutls/issues/520
Author:    Mark Ignacio

## Description of problem:

p11tool is able to display the PKCS#11 URI for an object with a CKA_ID longer than 42 bytes, but crashes when displaying the colon-delimited version.

As far as I know, the PKCS#11 spec puts no limit on the size of a CKA_ID.

## Version of gnutls used:


## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Fedora 28

## How reproducible:

Steps to Reproduce:

 * Using some other tool, create an object with a pretty long CKA_ID. I triggered this with a 68-byte ID.
 * Invoke `p11tool --list-all` on the token.

## Actual results:

```
$ p11tool --list-all 'pkcs11:model=SLB9670'
Object 0:
	URL: pkcs11:model=SLB9670;manufacturer=IFX;serial=;token=TPM2.0;id=%30%30%30%62%30%37%62%63%34%37%66%33%37%33%63%35%36%37%64%38%32%31%61%61%30%63%61%34%63%38%36%36%37%65%66%62%66%39%36%62%32%62%64%34%32%37%34%61%36%39%36%30%30%66%33%65%65%39%37%35%37%32%38%38%31%31%30%34;type=public
	Type: Public key
Error in pkcs11_list:333: The given memory buffer is too short to hold parameters.
```

## Expected results:

Manually truncating the CKA_ID to 42 bytes with my PKCS#11 library, I can get it to print the ID out.


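The 42-byte threshold in the report is what a fixed 128-byte output buffer would give for colon-delimited hex, since n bytes need 3n characters including the terminator (126 for 42 bytes, 129 for 43). The following added example, which is not p11tool or GnuTLS code, shows that failure next to a caller that queries the required size and allocates; `id_to_hex`, `E_SHORT_BUFFER` and the 128-byte `FIXED_BUF` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define E_SHORT_BUFFER (-1) /* hypothetical stand-in for a "buffer too short" error */
#define FIXED_BUF 128       /* assumed size, not taken from the p11tool source */

/* Write id as "aa:bb:cc"; on a short buffer report the needed size in *out_size. */
static int id_to_hex(const unsigned char *id, size_t len, char *out, size_t *out_size)
{
    size_t need = len ? 3 * len : 1; /* "xx:" per byte; the last ':' slot holds the NUL */
    if (out == NULL || *out_size < need) {
        *out_size = need;
        return E_SHORT_BUFFER;
    }
    out[0] = '\0';
    for (size_t i = 0; i < len; i++)
        snprintf(out + 3 * i, 4, "%02x%s", id[i], i + 1 < len ? ":" : "");
    *out_size = need - 1;            /* string length written, without the NUL */
    return 0;
}

/* Fixed-buffer caller: fails for any ID longer than 42 bytes when FIXED_BUF is 128. */
static int show_fixed(const unsigned char *id, size_t len)
{
    char buf[FIXED_BUF];
    size_t size = sizeof(buf);
    return id_to_hex(id, len, buf, &size);
}

/* Size-query caller: ask for the required size, allocate it, then format. */
static char *show_dynamic(const unsigned char *id, size_t len)
{
    size_t size = 0;
    id_to_hex(id, len, NULL, &size); /* size query only; always reports the need */
    char *buf = malloc(size);
    if (buf && id_to_hex(id, len, buf, &size) != 0) { free(buf); buf = NULL; }
    return buf;
}

int main(void)
{
    unsigned char id[68];            /* constructed 68-byte ID, the length in the report */
    memset(id, 0x30, sizeof(id));
    char *s = show_dynamic(id, sizeof(id));
    printf("fixed, 42 bytes: %d\nfixed, 68 bytes: %d\ndynamic, 68 bytes: %s\n",
           show_fixed(id, 42), show_fixed(id, 68), s ? s : "(alloc failed)");
    free(s);
    return 0;
}
```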