opensc/opensc-CVE-2024-45620.patch
Angel Yankov 24eb6f5b62 - - Security fix: [CVE-2024-8443, bsc#1230364]
* opensc: heap buffer overflow in OpenPGP driver when generating key
    * Added patch: opensc-CVE-2024-8443.patch

- Security fix: [opensc-CVE-2024-45620, bsc#1230076]
- Security fix: [opensc-CVE-2024-45619, bsc#1230075]
- Security fix: [opensc-CVE-2024-45618, bsc#1230074]
- Security fix: [opensc-CVE-2024-45617, bsc#1230073]
- Security fix: [opensc-CVE-2024-45616, bsc#1230072]
- Security fix: [opensc-CVE-2024-45615, bsc#1230071]
  * opensc: pkcs15init: Usage of uninitialized values in libopensc and pkcs15init
  * opensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc
  * opensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc
  * opensc: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init
  * opensc: Incorrect handling length of buffers or files in libopensc
  * opensc: Incorrect handling of the length of buffers or files in pkcs15init
  * Added patches:
    - opensc-CVE-2024-45615.patch
    - opensc-CVE-2024-45616.patch
    - opensc-CVE-2024-45617.patch
    - opensc-CVE-2024-45618.patch
    - opensc-CVE-2024-45619.patch
    - opensc-CVE-2024-45620.patch

OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=88
2024-10-02 13:32:39 +00:00


commit a1bcc6516f43d570899820d259b71c53f8049168
Author: Veronika Hanulíková <vhanulik@redhat.com>
Date: Thu Jul 18 09:23:20 2024 +0200
pkcs15-starcos: Check length of file to be non-zero
Thanks Matteo Marini for report
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
fuzz_pkcs15init/20
Index: opensc-0.25.1/src/pkcs15init/pkcs15-starcos.c
===================================================================
--- opensc-0.25.1.orig/src/pkcs15init/pkcs15-starcos.c
+++ opensc-0.25.1/src/pkcs15init/pkcs15-starcos.c
@@ -670,6 +670,8 @@ static int starcos_write_pukey(sc_profil
return r;
len = tfile->size;
sc_file_free(tfile);
+ if (len == 0)
+ return SC_ERROR_INTERNAL;
buf = malloc(len);
if (!buf)
return SC_ERROR_OUT_OF_MEMORY;
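Review bot: The new guard in starcos_write_pukey rejects only `len == 0` and has no comment saying why, so the next reader cannot tell that it protects the `malloc(len)` buffer rather than being a generic sanity check. I would add `/* size comes from the selected file; malloc(0) may return a non-NULL buffer that must not be read */` above it. The code that consumes `buf` lies outside this hunk; if it reads fixed offsets, a minimum-length comparison would be the stronger check, which is worth confirming. Since the value describes file contents rather than program state, `SC_ERROR_INVALID_DATA`, as used by the iasecc-sdo.c hunks of this patch, may describe the failure better than `SC_ERROR_INTERNAL`.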
@@ -684,7 +686,7 @@ static int starcos_write_pukey(sc_profil
if (num_keys == 0xff)
num_keys = 0;
/* encode public key */
- keylen = starcos_encode_pukey(rsa, NULL, kinfo);
+ keylen = starcos_encode_pukey(rsa, NULL, kinfo);
if (!keylen) {
free(buf);
return SC_ERROR_INTERNAL;
Index: opensc-0.25.1/src/libopensc/iasecc-sdo.c
===================================================================
--- opensc-0.25.1.orig/src/libopensc/iasecc-sdo.c
+++ opensc-0.25.1/src/libopensc/iasecc-sdo.c
@@ -318,16 +318,26 @@ iasecc_se_parse(struct sc_card *card, un
LOG_FUNC_CALLED(ctx);
+ if (data_len < 1)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
+
if (*data == IASECC_SDO_TEMPLATE_TAG) {
size_size = iasecc_parse_size(data + 1, data_len - 1, &size);
LOG_TEST_RET(ctx, size_size, "parse error: invalid size data of IASECC_SDO_TEMPLATE");
+ if (data_len - 1 < size)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
+
+
data += size_size + 1;
data_len = size;
sc_log(ctx,
"IASECC_SDO_TEMPLATE: size %"SC_FORMAT_LEN_SIZE_T"u, size_size %d",
size, size_size);
+ if (data_len < 3)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
+
if (*data != IASECC_SDO_TAG_HEADER)
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
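Review bot: The added bound `if (data_len - 1 < size)` in iasecc_se_parse does not subtract the length field itself, so after `data += size_size + 1; data_len = size;` the new data_len can overstate the bytes that actually remain by up to size_size. Comparing against what is left after the tag and the length bytes closes that gap: `if ((size_t)size_size > data_len - 1 || size > data_len - 1 - (size_t)size_size)`. The entry check `if (data_len < 1)` also omits the `data == NULL` test that the iasecc_sdo_parse hunk of this patch adds, and the two consecutive blank added lines can be one. The function continues past the end of this hunk, so whether a later length comparison already catches the overstatement cannot be seen here.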
@@ -759,6 +769,8 @@ iasecc_sdo_parse(struct sc_card *card, u
int rv;
LOG_FUNC_CALLED(ctx);
+ if (data == NULL || data_len < 2)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
if (*data == IASECC_SDO_TEMPLATE_TAG) {
size_size = iasecc_parse_size(data + 1, data_len - 1, &size);