[gnutls-devel] GnuTLS | p11tool crashes when trying to display very long CKA_IDs (#520)
Mark Ignacio
gitlab at mg.gitlab.com
Tue Jul 17 19:28:51 CEST 2018
New Issue was created.
Issue 520: https://gitlab.com/gnutls/gnutls/issues/520
Author: Mark Ignacio
Assignee:
## Description of problem:
p11tool is able to display the PKCS#11 URI for an object with a CKA_ID longer than 42 bytes, but crashes when displaying the colon-delimited version.
As far as I know, the PKCS#11 spec puts no limit on the size of a CKA_ID.
## Version of gnutls used:
3.6.2-3.fc28
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Fedora 28
## How reproducible:
Steps to Reproduce:
* Using some other tool, create an object with an pretty long CKA_ID. I triggered this with a 68 byte ID.
* Invoke `p11tool --list-all` on the token.
## Actual results:
```
$ p11tool --list-all 'pkcs11:model=SLB9670'Object 0:
URL: pkcs11:model=SLB9670;manufacturer=IFX;serial=;token=TPM2.0;id=%30%30%30%62%30%37%62%63%34%37%66%33%37%33%63%35%36%37%64%38%32%31%61%61%30%63%61%34%63%38%36%36%37%65%66%62%66%39%36%62%32%62%64%34%32%37%34%61%36%39%36%30%30%66%33%65%65%39%37%35%37%32%38%38%31%31%30%34;type=public
Type: Public key
Label:
Error in pkcs11_list:333: The given memory buffer is too short to hold parameters.
```
## Expected results:
Manually truncating the CKA_ID to 42 bytes with my PKCS#11 library, I can get it to print the ID out.
```
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/520
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180717/a630e927/attachment.html>
More information about the Gnutls-devel
mailing list