File opensc-0_13_0-CVE-2021-42782.patch of Package opensc.33796
Index: opensc-0.13.0/src/libopensc/card-cardos.c
===================================================================
--- opensc-0.13.0.orig/src/libopensc/card-cardos.c
+++ opensc-0.13.0/src/libopensc/card-cardos.c
@@ -122,7 +122,7 @@ static int cardos_have_2048bit_package(s
sc_apdu_t apdu;
u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
int r;
- const u8 *p = rbuf, *q;
+ const u8 *p = rbuf, *q, *pp;
size_t len, tlen = 0, ilen = 0;
sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88);
@@ -138,10 +138,10 @@ static int cardos_have_2048bit_package(s
return 0;
while (len != 0) {
- p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
- if (p == NULL)
+ pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
+ if (pp == NULL)
return 0;
- q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, &ilen);
+ q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, &ilen);
if (q == NULL || ilen != 4)
return 0;
if (q[0] == 0x1c)
Index: opensc-0.13.0/src/libopensc/card-iasecc.c
===================================================================
--- opensc-0.13.0.orig/src/libopensc/card-iasecc.c
+++ opensc-0.13.0/src/libopensc/card-iasecc.c
@@ -1073,7 +1073,7 @@ iasecc_process_fci(struct sc_card *card,
else
acls = sc_asn1_find_tag(ctx, buf, buflen, IASECC_DOCP_TAG_ACLS_CONTACT, &taglen);
- if (!acls) {
+ if (!acls || taglen < 7) {
sc_log(ctx, "ACLs not found in data(%i) %s", buflen, sc_dump_hex(buf, buflen));
LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_FOUND, "ACLs tag missing");
}
Index: opensc-0.13.0/src/libopensc/pkcs15-tcos.c
===================================================================
--- opensc-0.13.0.orig/src/libopensc/pkcs15-tcos.c
+++ opensc-0.13.0/src/libopensc/pkcs15-tcos.c
@@ -148,7 +148,7 @@ static int insert_key(
sc_debug(ctx, SC_LOG_DEBUG_NORMAL,"No EF_KEYD-Record found\n");
return 1;
}
- for(i=0;i<r;i+=2+buf[i+1]){
+ for(i=0;i+1<r;i+=2+buf[i+1]){
if(buf[i]==0xB6) can_sign++;
if(buf[i]==0xB8) can_crypt++;
}
