Overview

File opensc-oberthur-overflow3.patch of Package opensc.11155

From 5d4daf6c92e4668f5458f380f3cacea3e879d91a Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 18 Mar 2021 19:48:33 +0100
Subject: [PATCH 4/5] oberthur: One more overlooked buffer overflow

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32202
---
 src/libopensc/pkcs15-oberthur.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Index: opensc-0.19.0/src/libopensc/pkcs15-oberthur.c
===================================================================
--- opensc-0.19.0.orig/src/libopensc/pkcs15-oberthur.c
+++ opensc-0.19.0/src/libopensc/pkcs15-oberthur.c
@@ -592,7 +592,10 @@ sc_pkcs15emu_oberthur_add_pubkey(struct
 	if (offs + 2 > info_len)
 		LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add public key: no 'Label'");
 	len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100;
-	if (len)   {
+	if (offs + 2 + len > info_len) {
+		free(info_blob);
+		LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Failed to add public key: invalid 'Label' length");
+	} else if (len) {
 		if (len > sizeof(key_obj.label) - 1)
 			len = sizeof(key_obj.label) - 1;
 		memcpy(key_obj.label, info_blob + offs + 2, len);
openSUSE Build Service is sponsored by
Places