Angel Yankov
c25e6d53e6
General improvements * Align allocations of sc_mem_secure_alloc (#3281). * Fix -O3 gcc optimization failure on amd64 and ppc64el (#3299). pkcs11-spy * Avoid crash while spying C_GetInterface() (#3275). TCOS * Fix reading certificate (#3296). OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=92
112 lines
3.7 KiB
Diff
112 lines
3.7 KiB
Diff
commit 5e4f26b510b04624386c54816bf26aacea0fe4a1
|
|
Author: Veronika Hanulíková <vhanulik@redhat.com>
|
|
Date: Thu Jul 11 14:58:25 2024 +0200
|
|
|
|
cac: Fix uninitialized values
|
|
|
|
Thanks Matteo Marini for report
|
|
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
|
|
|
|
fuzz_card/1,fuzz_pkcs11/6
|
|
|
|
Index: opensc-0.25.1/src/libopensc/card-cac.c
|
|
===================================================================
|
|
--- opensc-0.25.1.orig/src/libopensc/card-cac.c
|
|
+++ opensc-0.25.1/src/libopensc/card-cac.c
|
|
@@ -252,7 +252,7 @@ static int cac_apdu_io(sc_card_t *card,
|
|
size_t * recvbuflen)
|
|
{
|
|
int r;
|
|
- sc_apdu_t apdu;
|
|
+ sc_apdu_t apdu = {0};
|
|
u8 rbufinitbuf[CAC_MAX_SIZE];
|
|
u8 *rbuf;
|
|
size_t rbuflen;
|
|
@@ -389,13 +389,13 @@ fail:
|
|
static int cac_read_file(sc_card_t *card, int file_type, u8 **out_buf, size_t *out_len)
|
|
{
|
|
u8 params[2];
|
|
- u8 count[2];
|
|
+ u8 count[2] = {0};
|
|
u8 *out = NULL;
|
|
- u8 *out_ptr;
|
|
+ u8 *out_ptr = NULL;
|
|
size_t offset = 0;
|
|
size_t size = 0;
|
|
size_t left = 0;
|
|
- size_t len;
|
|
+ size_t len = 0;
|
|
int r;
|
|
|
|
params[0] = file_type;
|
|
@@ -458,7 +458,7 @@ static int cac_read_binary(sc_card_t *ca
|
|
const u8 *tl_ptr, *val_ptr, *tl_start;
|
|
u8 *tlv_ptr;
|
|
const u8 *cert_ptr;
|
|
- size_t tl_len, val_len, tlv_len;
|
|
+ size_t tl_len = 0, val_len = 0, tlv_len;
|
|
size_t len, tl_head_len, cert_len;
|
|
u8 cert_type, tag;
|
|
|
|
@@ -1519,7 +1519,7 @@ static int cac_parse_CCC(sc_card_t *card
|
|
static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv, int depth)
|
|
{
|
|
u8 *tl = NULL, *val = NULL;
|
|
- size_t tl_len, val_len;
|
|
+ size_t tl_len = 0, val_len = 0;
|
|
int r;
|
|
|
|
if (depth > CAC_MAX_CCC_DEPTH) {
|
|
Index: opensc-0.25.1/src/libopensc/card-piv.c
|
|
===================================================================
|
|
--- opensc-0.25.1.orig/src/libopensc/card-piv.c
|
|
+++ opensc-0.25.1/src/libopensc/card-piv.c
|
|
@@ -4425,7 +4425,7 @@ static int piv_get_challenge(sc_card_t *
|
|
const u8 *p;
|
|
size_t out_len = 0;
|
|
int r;
|
|
- unsigned int tag_out, cla_out;
|
|
+ unsigned int tag_out = 0, cla_out = 0;
|
|
piv_private_data_t * priv = PIV_DATA(card);
|
|
|
|
LOG_FUNC_CALLED(card->ctx);
|
|
Index: opensc-0.25.1/src/libopensc/pkcs15-cert.c
|
|
===================================================================
|
|
--- opensc-0.25.1.orig/src/libopensc/pkcs15-cert.c
|
|
+++ opensc-0.25.1/src/libopensc/pkcs15-cert.c
|
|
@@ -169,7 +169,7 @@ sc_pkcs15_get_name_from_dn(struct sc_con
|
|
for (next_ava = rdn, next_ava_len = rdn_len; next_ava_len; ) {
|
|
const u8 *ava, *dummy, *oidp;
|
|
struct sc_object_id oid;
|
|
- size_t ava_len, dummy_len, oid_len;
|
|
+ size_t ava_len = 0, dummy_len, oid_len = 0;
|
|
|
|
/* unwrap the set and point to the next ava */
|
|
ava = sc_asn1_skip_tag(ctx, &next_ava, &next_ava_len, SC_ASN1_TAG_SET | SC_ASN1_CONS, &ava_len);
|
|
Index: opensc-0.25.1/src/libopensc/pkcs15-sc-hsm.c
|
|
===================================================================
|
|
--- opensc-0.25.1.orig/src/libopensc/pkcs15-sc-hsm.c
|
|
+++ opensc-0.25.1/src/libopensc/pkcs15-sc-hsm.c
|
|
@@ -386,7 +386,7 @@ int sc_pkcs15emu_sc_hsm_decode_cvc(sc_pk
|
|
struct sc_asn1_entry asn1_cvcert[C_ASN1_CVCERT_SIZE];
|
|
struct sc_asn1_entry asn1_cvc_body[C_ASN1_CVC_BODY_SIZE];
|
|
struct sc_asn1_entry asn1_cvc_pubkey[C_ASN1_CVC_PUBKEY_SIZE];
|
|
- unsigned int cla,tag;
|
|
+ unsigned int cla = 0, tag = 0;
|
|
size_t taglen;
|
|
const u8 *tbuf;
|
|
int r;
|
|
Index: opensc-0.25.1/src/pkcs15init/profile.c
|
|
===================================================================
|
|
--- opensc-0.25.1.orig/src/pkcs15init/profile.c
|
|
+++ opensc-0.25.1/src/pkcs15init/profile.c
|
|
@@ -1809,7 +1809,7 @@ do_pin_storedlength(struct state *cur, i
|
|
static int
|
|
do_pin_flags(struct state *cur, int argc, char **argv)
|
|
{
|
|
- unsigned int flags;
|
|
+ unsigned int flags = 0;
|
|
int i, r;
|
|
|
|
if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|