Fwd: LP#929108 support reading PIN from file when using PKCS#11 devices
nmav at gnutls.org
Mon Apr 16 11:22:35 PDT 2012
On 04/16/2012 07:27 PM, Stef Walter wrote:
>> Maybe this can be mitigated by providing a sanitize_pkcs11_url()
>> function that would strip this field? Then programmers would be advised
>> to call this function for untrusted urls.
> Is the problem of PKCS#11 URIs from untrusted sources sufficiently
> understood? Until the problem and use cases are better understood, I
> would err on the side of discouraging any use of PKCS#11 URIs from
> untrusted sources.
Untrusted sources are quite difficult to define. An untrusted source
might also be the user in some application, so sanitization might
be required for some applications.
>>> But for sanity's sake would we want to limit the size of the file that
>>> p11-kit will read in its p11_kit_pin_file_callback() handler?
>> Having a sanity check would also be good regardless of a url sanitize
> 1MB be a good max sanity check size?
For a PIN? I'd use something like 256 bytes or so!
> Also, while we're on the topic, is the current behavior of reading the
> PIN file byte-for-byte verbatim what's generally expected?
Are there alternatives? PKCS #11 accepts a byte string anyway.
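The two mitigations discussed in this thread, a sanitize_pkcs11_url() that strips the PIN-supplying attributes from a URI received from an untrusted party, and a size cap on the file read by the PIN callback, as an added C example. This is illustration code, not p11-kit's own implementation; it assumes the PIN attributes live in the query component (after `?`) under the names `pin-source` and `pin-value`, a 256-byte cap named PIN_MAX_LEN, and the hypothetical helper names shown here. The path component (before `?`) is copied through untouched, and an oversized PIN file is rejected rather than truncated, so a caller cannot silently end up with a partial PIN.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on a PIN file, following the "256 bytes or so" figure above. */
#define PIN_MAX_LEN 256

/* Nonzero if the query attribute at attr (len bytes, not NUL-terminated) can
 * supply a PIN: pin-source (where to read it) or pin-value (the PIN itself). */
static int is_pin_attr(const char *attr, size_t len)
{
    static const char *const names[] = { "pin-source=", "pin-value=" };
    size_t i;
    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        size_t n = strlen(names[i]);
        if (len >= n && strncmp(attr, names[i], n) == 0)
            return 1;
    }
    return 0;
}

/* Copy url into out with every PIN-supplying query attribute removed.
 * Path attributes (before '?') are kept verbatim. Returns 0 on success,
 * -1 if url is not a pkcs11: URI or the result does not fit in out. */
int sanitize_pkcs11_url(const char *url, char *out, size_t outlen)
{
    const char *q = strchr(url, '?');
    size_t pathlen = q ? (size_t)(q - url) : strlen(url);
    size_t pos;
    int kept = 0;

    if (strncmp(url, "pkcs11:", 7) != 0 || pathlen >= outlen)
        return -1;
    memcpy(out, url, pathlen);
    pos = pathlen;

    if (q) {
        const char *p = q + 1;
        for (;;) {
            const char *amp = strchr(p, '&');
            size_t len = amp ? (size_t)(amp - p) : strlen(p);
            if (len > 0 && !is_pin_attr(p, len)) {
                if (pos + 1 + len + 1 > outlen)   /* separator + attribute + NUL */
                    return -1;
                out[pos++] = kept ? '&' : '?';    /* '?' only if something survives */
                memcpy(out + pos, p, len);
                pos += len;
                kept++;
            }
            if (!amp)
                break;
            p = amp + 1;
        }
    }
    out[pos] = '\0';
    return 0;
}

/* Convenience wrapper: 1 if sanitizing url yields exactly expected, else 0. */
int sanitize_matches(const char *url, const char *expected)
{
    char out[512];
    return sanitize_pkcs11_url(url, out, sizeof out) == 0 && strcmp(out, expected) == 0;
}

/* Read a PIN byte-for-byte from an open stream, refusing anything longer than
 * PIN_MAX_LEN (or pinlen, whichever is smaller). Returns the byte count or -1. */
long read_pin_stream(FILE *f, unsigned char *pin, size_t pinlen)
{
    size_t want = pinlen < PIN_MAX_LEN ? pinlen : PIN_MAX_LEN;
    size_t n = fread(pin, 1, want, f);
    if (n == want && fgetc(f) != EOF)   /* data past the cap: reject, don't truncate */
        return -1;
    return (long)n;
}

/* Constructed input: a temporary file of filesize 'A' bytes, run through the
 * reader so the limit can be exercised without a real PIN file. */
long pin_file_limit_check(size_t filesize)
{
    unsigned char pin[PIN_MAX_LEN];
    FILE *f = tmpfile();
    size_t i;
    long r;
    if (!f)
        return -2;
    for (i = 0; i < filesize; i++)
        fputc('A', f);
    rewind(f);
    r = read_pin_stream(f, pin, sizeof pin);
    fclose(f);
    return r;
}

int main(void)
{
    char out[256];
    const char *url = "pkcs11:token=Example;object=mykey?pin-source=file:/etc/pin&module-name=softhsm";
    if (sanitize_pkcs11_url(url, out, sizeof out) == 0)
        printf("%s\n", out);                          /* URI without pin-source */
    printf("8-byte PIN file  -> %ld\n", pin_file_limit_check(8));
    printf("1 MB PIN file    -> %ld\n", pin_file_limit_check(1u << 20));
    return 0;
}
```

Note that the sanitizer drops the attribute whole rather than blanking its value, so the caller sees no trace of a PIN source it did not ask for; an application that wants to honour pin-source from its own configuration simply skips the call for URIs it trusts.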