File opensc-CVE-2024-45615.patch of Package opensc.35665
commit 5e4f26b510b04624386c54816bf26aacea0fe4a1
Author: Veronika HanulĂková <vhanulik@redhat.com>
Date: Thu Jul 11 14:58:25 2024 +0200
cac: Fix uninitialized values
Thanks Matteo Marini for report
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
fuzz_card/1,fuzz_pkcs11/6
Index: opensc-0.13.0/src/libopensc/pkcs15-sc-hsm.c
===================================================================
--- opensc-0.13.0.orig/src/libopensc/pkcs15-sc-hsm.c
+++ opensc-0.13.0/src/libopensc/pkcs15-sc-hsm.c
@@ -105,7 +105,7 @@ int sc_pkcs15emu_sc_hsm_decode_cvc(sc_pk
struct sc_asn1_entry asn1_cvcert[C_ASN1_CVCERT_SIZE];
struct sc_asn1_entry asn1_cvc_body[C_ASN1_CVC_BODY_SIZE];
struct sc_asn1_entry asn1_cvc_pubkey[C_ASN1_CVC_PUBKEY_SIZE];
- unsigned int cla,tag;
+ unsigned int cla = 0, tag = 0;
size_t taglen;
size_t lenchr = sizeof(cvc->chr);
size_t lencar = sizeof(cvc->car);
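Review bot: `taglen`, declared on the line right after the changed one, is still left without an initial value while `cla` and `tag` now start at zero. If all three are output parameters of the same tag-reading call later in `sc_pkcs15emu_sc_hsm_decode_cvc` (the call is outside this hunk, so this is inferred), an early failure in that call would leave `taglen` indeterminate just as it did the other two. I would give it the same treatment, `size_t taglen = 0;`, so that a length derived from attacker-supplied card data can never be read uninitialized. The function body continues outside the hunk, so confirm there that the call's return value is checked before any of the three are used.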
Index: opensc-0.13.0/src/pkcs15init/profile.c
===================================================================
--- opensc-0.13.0.orig/src/pkcs15init/profile.c
+++ opensc-0.13.0/src/pkcs15init/profile.c
@@ -1646,7 +1646,7 @@ do_pin_storedlength(struct state *cur, i
static int
do_pin_flags(struct state *cur, int argc, char **argv)
{
- unsigned int flags;
+ unsigned int flags = 0;
int i, r;
if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
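Review bot: The new `flags = 0` default in `do_pin_flags` removes the indeterminate read, but nothing records why zero is the safe value. A zero default also stops compilers and MemorySanitizer-style fuzzing (the commit message cites fuzz_card and fuzz_pkcs11) from reporting a helper that returns success without writing its output. I would add a comment on the declaration, for example `/* defensive default: 0 contributes no PIN flag if the name lookup leaves it unwritten */`. The rest of the function is outside the hunk, so please confirm there that the lookup's return value is checked before `flags` is consumed. The same documentation point applies to `cla` and `tag` in the pkcs15-sc-hsm.c hunk.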