opensc/opensc-CVE-2023-40661-12of12.patch

From 41d61da8481582e12710b5858f8b635e0a71ab5e Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 20 Sep 2023 10:13:57 +0200
Subject: [PATCH] oberthur: Avoid buffer overflow

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650
---
 src/pkcs15init/pkcs15-oberthur.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/pkcs15init/pkcs15-oberthur.c b/src/pkcs15init/pkcs15-oberthur.c
index ad2cabd530..c441ab1e76 100644
--- a/src/pkcs15init/pkcs15-oberthur.c
+++ b/src/pkcs15init/pkcs15-oberthur.c
@@ -715,6 +715,9 @@ cosm_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 	if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
 		LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Create key failed: RSA only supported");
 
+	if (key_info->path.len < 2)
+		LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_VALID, "The path needs to be at least to bytes long");
+
 	sc_log(ctx,  "create private key ID:%s",  sc_pkcs15_print_id(&key_info->id));
 	/* Here, the path of private key file should be defined.
 	 * Nevertheless, we need to instantiate private key to get the ACLs. */
Accepting request 1116477 from home:ohollmann:branches:security:chipcard - Security Fix: [CVE-2023-40661, bsc#1215761] * opensc: multiple memory issues with pkcs15-init (enrollment tool) * Add patches: - opensc-CVE-2023-40661-1of12.patch - opensc-CVE-2023-40661-2of12.patch - opensc-CVE-2023-40661-3of12.patch - opensc-CVE-2023-40661-4of12.patch - opensc-CVE-2023-40661-5of12.patch - opensc-CVE-2023-40661-6of12.patch - opensc-CVE-2023-40661-7of12.patch - opensc-CVE-2023-40661-8of12.patch - opensc-CVE-2023-40661-9of12.patch - opensc-CVE-2023-40661-10of12.patch - opensc-CVE-2023-40661-11of12.patch - opensc-CVE-2023-40661-12of12.patch - Security Fix: [CVE-2023-4535, bsc#1215763] * Add patches: - opensc-CVE-2023-4535.patch - opensc-NULL_pointer_fix.patch - Security Fix: [CVE-2023-40660, bsc#1215762] * opensc: PIN bypass when card tracks its own login state * Add patches: - opensc-CVE-2023-40660-1of2.patch - opensc-CVE-2023-40660-2of2.patch OBS-URL: https://build.opensuse.org/request/show/1116477 OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=75 2023-10-10 14:49:01 +02:00			`From 41d61da8481582e12710b5858f8b635e0a71ab5e Mon Sep 17 00:00:00 2001`
			`From: Jakub Jelen <jjelen@redhat.com>`
			`Date: Wed, 20 Sep 2023 10:13:57 +0200`
			`Subject: [PATCH] oberthur: Avoid buffer overflow`

			`Thanks oss-fuzz`

			`https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650`
			`---`
			`src/pkcs15init/pkcs15-oberthur.c \| 3 +++`
			`1 file changed, 3 insertions(+)`

			`diff --git a/src/pkcs15init/pkcs15-oberthur.c b/src/pkcs15init/pkcs15-oberthur.c`
			`index ad2cabd530..c441ab1e76 100644`
			`--- a/src/pkcs15init/pkcs15-oberthur.c`
			`+++ b/src/pkcs15init/pkcs15-oberthur.c`
			`@@ -715,6 +715,9 @@ cosm_create_key(struct sc_profile profile, struct sc_pkcs15_card p15card,`
			`if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)`
			`LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Create key failed: RSA only supported");`

			`+ if (key_info->path.len < 2)`
			`+ LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_VALID, "The path needs to be at least to bytes long");`
			`+`
			`sc_log(ctx, "create private key ID:%s", sc_pkcs15_print_id(&key_info->id));`
			`/* Here, the path of private key file should be defined.`
			`* Nevertheless, we need to instantiate private key to get the ACLs. */`