Overview

File opensc-CVE-2024-45617.patch of Package opensc.35665

commit fdb9e903eb124b6b18a5a9350a26eceb775585bc
Author: Veronika Hanulíková <vhanulik@redhat.com>
Date:   Tue Jul 16 14:05:36 2024 +0200

     cac: Check return value when selecting AID
    
    Thanks Matteo Marini for report
    https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
    
    fuzz_pkcs11/14

Index: opensc-0.13.0/src/libopensc/card-cardos.c
===================================================================
--- opensc-0.13.0.orig/src/libopensc/card-cardos.c
+++ opensc-0.13.0/src/libopensc/card-cardos.c
@@ -896,7 +896,7 @@ cardos_lifecycle_get(sc_card_t *card, in
 	SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error");
 
 	if (apdu.resplen < 1) {
-		SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Lifecycle byte not in response");
+		LOG_TEST_RET(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Lifecycle byte not in response");
 	}
 
 	r = SC_SUCCESS;
openSUSE Build Service is sponsored by
Places