opensc/opensc-CVE-2023-40661-1of12.patch

From 578aed8391ef117ca64a9e0cba8e5c264368a0ec Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Thu, 8 Dec 2022 00:27:18 +0100
Subject: [PATCH] sc_pkcs15init_rmdir: prevent out of bounds write

fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53927
---
 src/pkcs15init/pkcs15-lib.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index 91cee37310..3df03c6e1f 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -685,6 +685,8 @@ sc_pkcs15init_rmdir(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
 
 		path = df->path;
 		path.len += 2;
+		if (path.len > SC_MAX_PATH_SIZE)
+			return SC_ERROR_INTERNAL;
 
 		nfids = r / 2;
 		while (r >= 0 && nfids--) {
Accepting request 1116477 from home:ohollmann:branches:security:chipcard - Security Fix: [CVE-2023-40661, bsc#1215761] * opensc: multiple memory issues with pkcs15-init (enrollment tool) * Add patches: - opensc-CVE-2023-40661-1of12.patch - opensc-CVE-2023-40661-2of12.patch - opensc-CVE-2023-40661-3of12.patch - opensc-CVE-2023-40661-4of12.patch - opensc-CVE-2023-40661-5of12.patch - opensc-CVE-2023-40661-6of12.patch - opensc-CVE-2023-40661-7of12.patch - opensc-CVE-2023-40661-8of12.patch - opensc-CVE-2023-40661-9of12.patch - opensc-CVE-2023-40661-10of12.patch - opensc-CVE-2023-40661-11of12.patch - opensc-CVE-2023-40661-12of12.patch - Security Fix: [CVE-2023-4535, bsc#1215763] * Add patches: - opensc-CVE-2023-4535.patch - opensc-NULL_pointer_fix.patch - Security Fix: [CVE-2023-40660, bsc#1215762] * opensc: PIN bypass when card tracks its own login state * Add patches: - opensc-CVE-2023-40660-1of2.patch - opensc-CVE-2023-40660-2of2.patch OBS-URL: https://build.opensuse.org/request/show/1116477 OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=75 2023-10-10 14:49:01 +02:00			`From 578aed8391ef117ca64a9e0cba8e5c264368a0ec Mon Sep 17 00:00:00 2001`
			`From: Frank Morgner <frankmorgner@gmail.com>`
			`Date: Thu, 8 Dec 2022 00:27:18 +0100`
			`Subject: [PATCH] sc_pkcs15init_rmdir: prevent out of bounds write`

			`fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53927`
			`---`
			`src/pkcs15init/pkcs15-lib.c \| 2 ++`
			`1 file changed, 2 insertions(+)`

			`diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c`
			`index 91cee37310..3df03c6e1f 100644`
			`--- a/src/pkcs15init/pkcs15-lib.c`
			`+++ b/src/pkcs15init/pkcs15-lib.c`
			`@@ -685,6 +685,8 @@ sc_pkcs15init_rmdir(struct sc_pkcs15_card p15card, struct sc_profile profile,`

			`path = df->path;`
			`path.len += 2;`
			`+ if (path.len > SC_MAX_PATH_SIZE)`
			`+ return SC_ERROR_INTERNAL;`

			`nfids = r / 2;`
			`while (r >= 0 && nfids--) {`