Re: [Qemu-devel] [PATCH 0/2] Try to fix problem with emulated smartcards
From: Alon Levy
Subject: Re: [Qemu-devel] [PATCH 0/2] Try to fix problem with emulated smartcards where invalid PIN succeeds
Date: Sun, 8 Sep 2013 04:18:00 -0400 (EDT)
> I started writing a blog post yesterday about virtualized smartcards here:
>
> https://blogs.gnome.org/halfline/2013/09/08/another-smartcard-post/
>
> and while testing what I was writing I noticed an invalid PIN worked when
> it shouldn't have. It turns out that typing a valid PIN once in one program
> in the guest is enough to make all future programs asking for the PIN to
> succeed regardless of what gets typed in for the PIN.
>
> I did some digging through the libcacard code, and noticed it uses the
> NSS PK11_Authenticate function which calls a function that has this comment
> above it:
>
> If we're already logged in and this function is called we
> will still prompt for a password, but we will probably succeed
> no matter what the password was.
>
> Also, PK11_Authenticate short-circuits to an early "return SECSuccess" if the
> token is already logged in.
>
> The two patches in this series attempt to correct this problem by calling
> PK11_Logout.
> I'm not 100% certain I've placed the PK11_Logout call in the best place, but
> it does seem to fix the issue.
Hi Ray,
Thanks for the patches! It looks good to me but I'll defer to Robert,
Alon
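
The behaviour described in the quoted cover letter, as a minimal C model added here for illustration; it is not NSS or libcacard code and not part of the patches. The `model_*` functions, `verify_pin`, `second_program_accepted` and the sample PIN are hypothetical names and constructed values.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a token's login state; not NSS or libcacard code. */
struct model_token {
    const char *pin;   /* constructed sample PIN */
    bool logged_in;    /* login state cached on the token, shared by all callers */
};

/* Models the behaviour quoted above: if the token is already logged in,
 * return success early without looking at the supplied PIN. */
static bool model_authenticate(struct model_token *t, const char *pin)
{
    if (t->logged_in)
        return true;                 /* early "success" short-circuit */
    if (strcmp(t->pin, pin) != 0)
        return false;
    t->logged_in = true;
    return true;
}

static void model_logout(struct model_token *t) { t->logged_in = false; }

/* patched == false: trust the cached login state (the reported behaviour).
 * patched == true: log out first, so the supplied PIN is actually compared. */
static bool verify_pin(struct model_token *t, const char *pin, bool patched)
{
    if (patched)
        model_logout(t);
    return model_authenticate(t, pin);
}

/* Program A verifies with the right PIN, then program B tries second_pin. */
static bool second_program_accepted(bool patched, const char *second_pin)
{
    struct model_token t = { "123456", false };
    if (!verify_pin(&t, "123456", patched))
        return false;
    return verify_pin(&t, second_pin, patched);
}

int main(void)
{
    printf("before: wrong PIN accepted = %d\n", second_program_accepted(false, "000000"));
    printf("after:  wrong PIN accepted = %d\n", second_program_accepted(true, "000000"));
    return 0;
}
```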