opensc/opensc-NULL_pointer_fix.patch

From cde2e050ec4f2f1b7db38429aa4e9c0f4656308c Mon Sep 17 00:00:00 2001
From: Peter Popovec <popovec.peter@gmail.com>
Date: Wed, 26 Apr 2023 13:22:09 +0200
Subject: [PATCH] NULL pointer fix

Thanks to the clang analyzer:
 Null pointer passed to 2nd parameter expecting 'nonnull'
 [clang-analyzer-core.NonNullParamChecker]

	modified:   src/libopensc/card-myeid.c
---
 src/libopensc/card-myeid.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/libopensc/card-myeid.c b/src/libopensc/card-myeid.c
index 31dd209f3e..951c179f1b 100644
--- a/src/libopensc/card-myeid.c
+++ b/src/libopensc/card-myeid.c
@@ -1973,6 +1973,9 @@ myeid_enc_dec_sym(struct sc_card *card, const u8 *data, size_t datalen,
 				return_len = block_size - pad_byte;
 			}
 			*outlen = return_len;
+			/* application can request buffer size or actual buffer size is too small */
+			if (out == NULL)
+				LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 			if (return_len > *outlen)
 				LOG_FUNC_RETURN(ctx, SC_ERROR_BUFFER_TOO_SMALL);
 			memcpy(out, priv->sym_plain_buffer, return_len);
@@ -2042,10 +2045,11 @@ myeid_enc_dec_sym(struct sc_card *card, const u8 *data, size_t datalen,
 			priv->sym_crypt_buffer_len = 0;
 			rest_len = 0;
 		}
-		memcpy(sdata, data, apdu_datalen);
-		data += apdu_datalen;
-		datalen -= apdu_datalen;
-
+		if (data) {
+			memcpy(sdata, data, apdu_datalen);
+			data += apdu_datalen;
+			datalen -= apdu_datalen;
+		}
 		r = sc_transmit_apdu(card, &apdu);
 		LOG_TEST_RET(ctx, r, "APDU transmit failed");
 		r = sc_check_sw(card, apdu.sw1, apdu.sw2);
@@ -2084,7 +2088,8 @@ myeid_enc_dec_sym(struct sc_card *card, const u8 *data, size_t datalen,
 	/* save rest of data for next run */
 	priv->sym_crypt_buffer_len = datalen;
 	sc_log(ctx, "rest data len = %zu", datalen);
-	memcpy(priv->sym_crypt_buffer, data, datalen);
+	if (data)
+		memcpy(priv->sym_crypt_buffer, data, datalen);
 	sc_log(ctx, "return data len = %zu", return_len);
 	*outlen = return_len;
 	return SC_SUCCESS;
Accepting request 1116477 from home:ohollmann:branches:security:chipcard - Security Fix: [CVE-2023-40661, bsc#1215761] * opensc: multiple memory issues with pkcs15-init (enrollment tool) * Add patches: - opensc-CVE-2023-40661-1of12.patch - opensc-CVE-2023-40661-2of12.patch - opensc-CVE-2023-40661-3of12.patch - opensc-CVE-2023-40661-4of12.patch - opensc-CVE-2023-40661-5of12.patch - opensc-CVE-2023-40661-6of12.patch - opensc-CVE-2023-40661-7of12.patch - opensc-CVE-2023-40661-8of12.patch - opensc-CVE-2023-40661-9of12.patch - opensc-CVE-2023-40661-10of12.patch - opensc-CVE-2023-40661-11of12.patch - opensc-CVE-2023-40661-12of12.patch - Security Fix: [CVE-2023-4535, bsc#1215763] * Add patches: - opensc-CVE-2023-4535.patch - opensc-NULL_pointer_fix.patch - Security Fix: [CVE-2023-40660, bsc#1215762] * opensc: PIN bypass when card tracks its own login state * Add patches: - opensc-CVE-2023-40660-1of2.patch - opensc-CVE-2023-40660-2of2.patch OBS-URL: https://build.opensuse.org/request/show/1116477 OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=75 2023-10-10 14:49:01 +02:00			`From cde2e050ec4f2f1b7db38429aa4e9c0f4656308c Mon Sep 17 00:00:00 2001`
			`From: Peter Popovec <popovec.peter@gmail.com>`
			`Date: Wed, 26 Apr 2023 13:22:09 +0200`
			`Subject: [PATCH] NULL pointer fix`

			`Thanks to the clang analyzer:`
			`Null pointer passed to 2nd parameter expecting 'nonnull'`
			`[clang-analyzer-core.NonNullParamChecker]`

			`modified: src/libopensc/card-myeid.c`
			`---`
			`src/libopensc/card-myeid.c \| 15 ++++++++++-----`
			`1 file changed, 10 insertions(+), 5 deletions(-)`

			`diff --git a/src/libopensc/card-myeid.c b/src/libopensc/card-myeid.c`
			`index 31dd209f3e..951c179f1b 100644`
			`--- a/src/libopensc/card-myeid.c`
			`+++ b/src/libopensc/card-myeid.c`
			`@@ -1973,6 +1973,9 @@ myeid_enc_dec_sym(struct sc_card card, const u8 data, size_t datalen,`
			`return_len = block_size - pad_byte;`
			`}`
			`*outlen = return_len;`
			`+ /* application can request buffer size or actual buffer size is too small */`
			`+ if (out == NULL)`
			`+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);`
			`if (return_len > *outlen)`
			`LOG_FUNC_RETURN(ctx, SC_ERROR_BUFFER_TOO_SMALL);`
			`memcpy(out, priv->sym_plain_buffer, return_len);`
			`@@ -2042,10 +2045,11 @@ myeid_enc_dec_sym(struct sc_card card, const u8 data, size_t datalen,`
			`priv->sym_crypt_buffer_len = 0;`
			`rest_len = 0;`
			`}`
			`- memcpy(sdata, data, apdu_datalen);`
			`- data += apdu_datalen;`
			`- datalen -= apdu_datalen;`
			`-`
			`+ if (data) {`
			`+ memcpy(sdata, data, apdu_datalen);`
			`+ data += apdu_datalen;`
			`+ datalen -= apdu_datalen;`
			`+ }`
			`r = sc_transmit_apdu(card, &apdu);`
			`LOG_TEST_RET(ctx, r, "APDU transmit failed");`
			`r = sc_check_sw(card, apdu.sw1, apdu.sw2);`
			`@@ -2084,7 +2088,8 @@ myeid_enc_dec_sym(struct sc_card card, const u8 data, size_t datalen,`
			`/* save rest of data for next run */`
			`priv->sym_crypt_buffer_len = datalen;`
			`sc_log(ctx, "rest data len = %zu", datalen);`
			`- memcpy(priv->sym_crypt_buffer, data, datalen);`
			`+ if (data)`
			`+ memcpy(priv->sym_crypt_buffer, data, datalen);`
			`sc_log(ctx, "return data len = %zu", return_len);`
			`*outlen = return_len;`
			`return SC_SUCCESS;`