Overview

File opensc-CVE-2024-45620.patch of Package opensc.35665

commit a1bcc6516f43d570899820d259b71c53f8049168
Author: Veronika Hanulíková <vhanulik@redhat.com>
Date:   Thu Jul 18 09:23:20 2024 +0200

    pkcs15-starcos: Check length of file to be non-zero
    
    Thanks Matteo Marini for report
    https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
    
    fuzz_pkcs15init/20

Index: opensc-0.13.0/src/pkcs15init/pkcs15-starcos.c
===================================================================
--- opensc-0.13.0.orig/src/pkcs15init/pkcs15-starcos.c
+++ opensc-0.13.0/src/pkcs15init/pkcs15-starcos.c
@@ -670,6 +670,8 @@ static int starcos_write_pukey(sc_profil
 		return r;
 	len = tfile->size;
 	sc_file_free(tfile);
+	if (len == 0)
+		return SC_ERROR_INTERNAL;
 	buf = malloc(len);
 	if (!buf)
 		return SC_ERROR_OUT_OF_MEMORY;
@@ -682,7 +684,7 @@ static int starcos_write_pukey(sc_profil
 	if (num_keys == 0xff)
 		num_keys = 0;
 	/* encode public key */
-	keylen  = starcos_encode_pukey(rsa, NULL, kinfo);
+	keylen = starcos_encode_pukey(rsa, NULL, kinfo);
 	if (!keylen) {
 		free(buf);
 		return SC_ERROR_INTERNAL;
Index: opensc-0.13.0/src/libopensc/iasecc-sdo.c
===================================================================
--- opensc-0.13.0.orig/src/libopensc/iasecc-sdo.c
+++ opensc-0.13.0/src/libopensc/iasecc-sdo.c
@@ -324,14 +324,23 @@ iasecc_se_parse(struct sc_card *card, un
 
 	LOG_FUNC_CALLED(ctx);
 
+        if (data_len < 1)
+                LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
+
 	if (*data == IASECC_SDO_TEMPLATE_TAG)   {
 		size_size = iasecc_parse_size(data + 1, &size);
 		LOG_TEST_RET(ctx, size_size, "parse error: invalid size data of IASECC_SDO_TEMPLATE");
 
+                if (data_len - 1 < size)
+                        LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
+
 		data += size_size + 1;
 		data_len = size;
 		sc_log(ctx, "IASECC_SDO_TEMPLATE: size %i, size_size %i",  size, size_size);
 
+                if (data_len < 3)
+                        LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
+
 		if (*data != IASECC_SDO_TAG_HEADER)
 			LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
 
@@ -700,6 +709,8 @@ iasecc_sdo_parse(struct sc_card *card, u
 	int rv;
 
 	LOG_FUNC_CALLED(ctx);
+	if (data == NULL || data_len < 2)
+		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
 
 	if (*data == IASECC_SDO_TEMPLATE_TAG)   {
 		size_size = iasecc_parse_size(data + 1, &size);
openSUSE Build Service is sponsored by
Places