opensc/opensc-CVE-2023-40661-9of12.patch

From ce7fcdaa35196706a83fe982900228e15464f928 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 17 Aug 2023 11:55:06 +0200
Subject: [PATCH] oberthur: Avoid heap buffer overflow

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650
---
 src/pkcs15init/pkcs15-oberthur.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/pkcs15init/pkcs15-oberthur.c b/src/pkcs15init/pkcs15-oberthur.c
index 377e28948e..b20bd6e6c4 100644
--- a/src/pkcs15init/pkcs15-oberthur.c
+++ b/src/pkcs15init/pkcs15-oberthur.c
@@ -531,7 +531,9 @@ cosm_new_file(struct sc_profile *profile, struct sc_card *card,
 	}
 
 	file->id |= (num & 0xFF);
-	file->path.value[file->path.len-1] |= (num & 0xFF);
+	if (file->path.len) {
+		file->path.value[file->path.len - 1] |= (num & 0xFF);
+	}
 	if (file->type == SC_FILE_TYPE_INTERNAL_EF)   {
 		file->ef_structure = structure;
 	}
Accepting request 1116477 from home:ohollmann:branches:security:chipcard - Security Fix: [CVE-2023-40661, bsc#1215761] * opensc: multiple memory issues with pkcs15-init (enrollment tool) * Add patches: - opensc-CVE-2023-40661-1of12.patch - opensc-CVE-2023-40661-2of12.patch - opensc-CVE-2023-40661-3of12.patch - opensc-CVE-2023-40661-4of12.patch - opensc-CVE-2023-40661-5of12.patch - opensc-CVE-2023-40661-6of12.patch - opensc-CVE-2023-40661-7of12.patch - opensc-CVE-2023-40661-8of12.patch - opensc-CVE-2023-40661-9of12.patch - opensc-CVE-2023-40661-10of12.patch - opensc-CVE-2023-40661-11of12.patch - opensc-CVE-2023-40661-12of12.patch - Security Fix: [CVE-2023-4535, bsc#1215763] * Add patches: - opensc-CVE-2023-4535.patch - opensc-NULL_pointer_fix.patch - Security Fix: [CVE-2023-40660, bsc#1215762] * opensc: PIN bypass when card tracks its own login state * Add patches: - opensc-CVE-2023-40660-1of2.patch - opensc-CVE-2023-40660-2of2.patch OBS-URL: https://build.opensuse.org/request/show/1116477 OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=75 2023-10-10 14:49:01 +02:00			`From ce7fcdaa35196706a83fe982900228e15464f928 Mon Sep 17 00:00:00 2001`
			`From: Jakub Jelen <jjelen@redhat.com>`
			`Date: Thu, 17 Aug 2023 11:55:06 +0200`
			`Subject: [PATCH] oberthur: Avoid heap buffer overflow`

			`Thanks oss-fuzz`

			`https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650`
			`---`
			`src/pkcs15init/pkcs15-oberthur.c \| 4 +++-`
			`1 file changed, 3 insertions(+), 1 deletion(-)`

			`diff --git a/src/pkcs15init/pkcs15-oberthur.c b/src/pkcs15init/pkcs15-oberthur.c`
			`index 377e28948e..b20bd6e6c4 100644`
			`--- a/src/pkcs15init/pkcs15-oberthur.c`
			`+++ b/src/pkcs15init/pkcs15-oberthur.c`
			`@@ -531,7 +531,9 @@ cosm_new_file(struct sc_profile profile, struct sc_card card,`
			`}`

			`file->id \|= (num & 0xFF);`
			`- file->path.value[file->path.len-1] \|= (num & 0xFF);`
			`+ if (file->path.len) {`
			`+ file->path.value[file->path.len - 1] \|= (num & 0xFF);`
			`+ }`
			`if (file->type == SC_FILE_TYPE_INTERNAL_EF) {`
			`file->ef_structure = structure;`
			`}`