pool/opensc
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
24eb6f5b62
opensc/opensc-CVE-2024-45618.patch
Angel Yankov 24eb6f5b62 - - Security fix: [CVE-2024-8443, bsc#1230364] 
* opensc: heap buffer overflow in OpenPGP driver when generating key
    * Added patch: opensc-CVE-2024-8443.patch

- Security fix: [opensc-CVE-2024-45620, bsc#1230076]
- Security fix: [opensc-CVE-2024-45619, bsc#1230075]
- Security fix: [opensc-CVE-2024-45618, bsc#1230074]
- Security fix: [opensc-CVE-2024-45617, bsc#1230073]
- Security fix: [opensc-CVE-2024-45616, bsc#1230072]
- Security fix: [opensc-CVE-2024-45615, bsc#1230071]
  * opensc: pkcs15init: Usage of uninitialized values in libopensc and pkcs15init
  * opensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc
  * opensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc
  * opensc: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init
  * opensc: Incorrect handling length of buffers or files in libopensc
  * opensc: Incorrect handling of the length of buffers or files in pkcs15init
  * Added patches:
    - opensc-CVE-2024-45615.patch
    - opensc-CVE-2024-45616.patch
    - opensc-CVE-2024-45617.patch
    - opensc-CVE-2024-45618.patch
    - opensc-CVE-2024-45619.patch
    - opensc-CVE-2024-45620.patch

OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=88
2024-10-02 13:32:39 +00:00

68 lines
2.3 KiB
Diff
Raw Blame History

commit 8632ec172beda894581d67eaa991e519a7874f7d
Author: Veronika Hanulíková <vhanulik@redhat.com>
Date: Wed Jul 17 11:18:52 2024 +0200
pkcs15-tcos: Check return value of serial num conversion
Thanks Matteo Marini for report
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
fuzz_pkcs15_encode/21
diff --git a/src/libopensc/pkcs15-tcos.c b/src/libopensc/pkcs15-tcos.c
index 4d02a98ee..2bd275c4f 100644
--- a/src/libopensc/pkcs15-tcos.c
+++ b/src/libopensc/pkcs15-tcos.c
@@ -531,10 +531,15 @@ int sc_pkcs15emu_tcos_init_ex(
/* get the card serial number */
r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serialnr);
if (r < 0) {
- sc_log(ctx, "unable to get ICCSN\n");
+ sc_log(ctx, "unable to get ICCSN");
return SC_ERROR_WRONG_CARD;
}
- sc_bin_to_hex(serialnr.value, serialnr.len , serial, sizeof(serial), 0);
+ r = sc_bin_to_hex(serialnr.value, serialnr.len, serial, sizeof(serial), 0);
+ if (r != SC_SUCCESS) {
+ sc_log(ctx, "serial number invalid");
+ return SC_ERROR_INTERNAL;
+ }
+
serial[19] = '\0';
set_string(&p15card->tokeninfo->serial_number, serial);
commit f9d68660f032ad4d7803431d5fc7577ea8792ac3
Author: Veronika Hanulíková <vhanulik@redhat.com>
Date: Wed Jul 17 14:56:22 2024 +0200
pkcs15-lib: Report transport key error
Thanks Matteo Marini for report
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
fuzz_pkcs15init/17, fuzz_pkcs15init/18
diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index 6574e8025..943d53e98 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -3831,13 +3831,15 @@ sc_pkcs15init_get_transport_key(struct sc_profile *profile, struct sc_pkcs15_car
if (callbacks.get_key) {
rv = callbacks.get_key(profile, type, reference, defbuf, defsize, pinbuf, pinsize);
LOG_TEST_RET(ctx, rv, "Cannot get key");
- }
- else if (rv >= 0) {
+ } else if (rv >= 0) {
if (*pinsize < defsize)
LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Get transport key error");
memcpy(pinbuf, data.key_data, data.len);
*pinsize = data.len;
+ } else {
+ /* pinbuf and pinsize were not filled */
+ LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "Get transport key error");
}
memset(&auth_info, 0, sizeof(auth_info));
Reference in New Issue View Git Blame Copy Permalink