Overview

File opensc-CVE-2023-40661-7of10.patch of Package opensc.31015

From ce7fcdaa35196706a83fe982900228e15464f928 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 17 Aug 2023 11:55:06 +0200
Subject: [PATCH] oberthur: Avoid heap buffer overflow

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650
---
 src/pkcs15init/pkcs15-oberthur.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/pkcs15init/pkcs15-oberthur.c b/src/pkcs15init/pkcs15-oberthur.c
index 377e28948e..b20bd6e6c4 100644
--- a/src/pkcs15init/pkcs15-oberthur.c
+++ b/src/pkcs15init/pkcs15-oberthur.c
@@ -531,7 +531,9 @@ cosm_new_file(struct sc_profile *profile, struct sc_card *card,
 	}
 
 	file->id |= (num & 0xFF);
-	file->path.value[file->path.len-1] |= (num & 0xFF);
+	if (file->path.len) {
+		file->path.value[file->path.len - 1] |= (num & 0xFF);
+	}
 	if (file->type == SC_FILE_TYPE_INTERNAL_EF)   {
 		file->ef_structure = structure;
 	}
openSUSE Build Service is sponsored by
Places