opensc/opensc-CVE-2024-45617.patch

commit fdb9e903eb124b6b18a5a9350a26eceb775585bc
Author: Veronika Hanulíková <vhanulik@redhat.com>
Date:   Tue Jul 16 14:05:36 2024 +0200

     cac: Check return value when selecting AID
    
    Thanks Matteo Marini for report
    https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
    
    fuzz_pkcs11/14

Index: opensc-0.22.0/src/libopensc/card-cac.c
===================================================================
--- opensc-0.22.0.orig/src/libopensc/card-cac.c
+++ opensc-0.22.0/src/libopensc/card-cac.c
@@ -1302,10 +1302,10 @@ static int cac_parse_aid(sc_card_t *card
 	/* Call without OID set will just select the AID without subsequent
 	 * OID selection, which we need to figure out just now
 	 */
-	cac_select_file_by_type(card, &new_object.path, NULL);
+	r = cac_select_file_by_type(card, &new_object.path, NULL);
+	LOG_TEST_RET(card->ctx, r, "Cannot select AID");
 	r = cac_get_properties(card, &prop);
-	if (r < 0)
-		return SC_ERROR_INTERNAL;
+	LOG_TEST_RET(card->ctx, r, "Cannot get CAC properties");
 
 	for (i = 0; i < prop.num_objects; i++) {
 		/* don't fail just because we have more certs than we can support */
Index: opensc-0.22.0/src/libopensc/card-cardos.c
===================================================================
--- opensc-0.22.0.orig/src/libopensc/card-cardos.c
+++ opensc-0.22.0/src/libopensc/card-cardos.c
@@ -1277,7 +1277,7 @@ cardos_lifecycle_get(sc_card_t *card, in
 	LOG_TEST_RET(card->ctx, r, "Card returned error");
 
 	if (apdu.resplen < 1) {
-		LOG_TEST_RET(card->ctx, r, "Lifecycle byte not in response");
+		LOG_TEST_RET(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Lifecycle byte not in response");
 	}
 
 	r = SC_SUCCESS;
Index: opensc-0.22.0/src/libopensc/card-jpki.c
===================================================================
--- opensc-0.22.0.orig/src/libopensc/card-jpki.c
+++ opensc-0.22.0/src/libopensc/card-jpki.c
@@ -195,6 +195,8 @@ jpki_select_file(struct sc_card *card,
 		u8 buf[4];
 		rc = sc_read_binary(card, 0, buf, 4, 0);
 		LOG_TEST_RET(card->ctx, rc, "SW Check failed");
+		if (rc < 4)
+			LOG_TEST_RET(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Received data too short");
 		file = sc_file_new();
 		if (!file) {
 			LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);