We got a report from a customer that they had a few users who could not log in using certain smart cards using Windows or Linux clients. The Windows client reported an assertion failure in tlclient, while the Linux client restarted - it is unknown if it hit the same assertion at this point.
Fixed in r28378.
Still not sure why we're getting data that's bigger than the buffer though.
Tester should, uh... not going to lie, this bug will be difficult to test properly. Make sure everything smart card auth still works fine, I guess. Try lots of different cards and SSH servers.
After Pierre examined the data given to the signRequest function, it was found to be in accordance to the SSH protocol. What caused this problem was probably a combination of too small buffer and long usernames/subjectNames.
Tested using client build 4319 and server 4318.
Initialized a aventra card with a certificate were the dn was 1505 bytes long. Client and server handled this without problesm also did passwdaliases.
Works as expected...