rpm/opensc
SHA256
1
0
Fork 0
forked from pool/opensc
Code Pull Requests Activity
58d3215b4a
opensc/opensc-CVE-2023-40661-8of12.patch
Otto Hollmann 58d3215b4a Accepting request 1116477 from home:ohollmann:branches:security:chipcard 
- Security Fix: [CVE-2023-40661, bsc#1215761]
  * opensc: multiple memory issues with pkcs15-init (enrollment tool)
  * Add patches:
    - opensc-CVE-2023-40661-1of12.patch
    - opensc-CVE-2023-40661-2of12.patch
    - opensc-CVE-2023-40661-3of12.patch
    - opensc-CVE-2023-40661-4of12.patch
    - opensc-CVE-2023-40661-5of12.patch
    - opensc-CVE-2023-40661-6of12.patch
    - opensc-CVE-2023-40661-7of12.patch
    - opensc-CVE-2023-40661-8of12.patch
    - opensc-CVE-2023-40661-9of12.patch
    - opensc-CVE-2023-40661-10of12.patch
    - opensc-CVE-2023-40661-11of12.patch
    - opensc-CVE-2023-40661-12of12.patch

- Security Fix: [CVE-2023-4535, bsc#1215763]
  * Add patches:
    - opensc-CVE-2023-4535.patch
    - opensc-NULL_pointer_fix.patch

- Security Fix: [CVE-2023-40660, bsc#1215762]
  * opensc: PIN bypass when card tracks its own login state
  * Add patches:
    - opensc-CVE-2023-40660-1of2.patch
    - opensc-CVE-2023-40660-2of2.patch

OBS-URL: https://build.opensuse.org/request/show/1116477
OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=75
2023-10-10 12:49:01 +00:00

30 lines
922 B
Diff
Raw Blame History

From 638a5007a5d240d6fa901aa822cfeef94fe36e85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
Date: Thu, 10 Aug 2023 12:20:33 +0200
Subject: [PATCH] pkcs15-pubkey.c: Avoid double-free
Thanks OSS-Fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60616
---
src/libopensc/pkcs15-pubkey.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/libopensc/pkcs15-pubkey.c b/src/libopensc/pkcs15-pubkey.c
index 7107c47cbc..49b514968b 100644
--- a/src/libopensc/pkcs15-pubkey.c
+++ b/src/libopensc/pkcs15-pubkey.c
@@ -351,8 +351,12 @@ int sc_pkcs15_decode_pukdf_entry(struct sc_pkcs15_card *p15card,
err:
if (r < 0) {
sc_pkcs15_free_pubkey_info(info);
- if (der->len)
+ if (der->len) {
free(der->value);
+ /* der points to obj->content */
+ obj->content.value = NULL;
+ obj->content.len = 0;
+ }
}
LOG_FUNC_RETURN(ctx, r);
View Git Blame Copy Permalink