forked from pool/opensc
58d3215b4a
- Security Fix: [CVE-2023-40661, bsc#1215761]
* opensc: multiple memory issues with pkcs15-init (enrollment tool)
* Add patches:
- opensc-CVE-2023-40661-1of12.patch
- opensc-CVE-2023-40661-2of12.patch
- opensc-CVE-2023-40661-3of12.patch
- opensc-CVE-2023-40661-4of12.patch
- opensc-CVE-2023-40661-5of12.patch
- opensc-CVE-2023-40661-6of12.patch
- opensc-CVE-2023-40661-7of12.patch
- opensc-CVE-2023-40661-8of12.patch
- opensc-CVE-2023-40661-9of12.patch
- opensc-CVE-2023-40661-10of12.patch
- opensc-CVE-2023-40661-11of12.patch
- opensc-CVE-2023-40661-12of12.patch
- Security Fix: [CVE-2023-4535, bsc#1215763]
* Add patches:
- opensc-CVE-2023-4535.patch
- opensc-NULL_pointer_fix.patch
- Security Fix: [CVE-2023-40660, bsc#1215762]
* opensc: PIN bypass when card tracks its own login state
* Add patches:
- opensc-CVE-2023-40660-1of2.patch
- opensc-CVE-2023-40660-2of2.patch
OBS-URL: https://build.opensuse.org/request/show/1116477
OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=75
28 lines
909 B
Diff
28 lines
909 B
Diff
From 88880db0307a07e33cf2e1592bb029e9c170dfea Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
|
|
Date: Wed, 21 Jun 2023 15:48:27 +0200
|
|
Subject: [PATCH] pkcs15-pubkey: free DER value when parsing public key fails
|
|
|
|
The der value might be allocated in asn1_decode_entry()
|
|
but it is not released when errror occurs.
|
|
|
|
Thanks OSS-Fuzz
|
|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59615
|
|
---
|
|
src/libopensc/pkcs15-pubkey.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/src/libopensc/pkcs15-pubkey.c b/src/libopensc/pkcs15-pubkey.c
|
|
index 4a0ddffbeb..7107c47cbc 100644
|
|
--- a/src/libopensc/pkcs15-pubkey.c
|
|
+++ b/src/libopensc/pkcs15-pubkey.c
|
|
@@ -351,6 +351,8 @@ int sc_pkcs15_decode_pukdf_entry(struct sc_pkcs15_card *p15card,
|
|
err:
|
|
if (r < 0) {
|
|
sc_pkcs15_free_pubkey_info(info);
|
|
+ if (der->len)
|
|
+ free(der->value);
|
|
}
|
|
|
|
LOG_FUNC_RETURN(ctx, r);
|