File opensc-CVE-2023-40661-8of8.patch of Package opensc.33796

Overview Repositories Revisions Requests Users Attributes Meta

File opensc-CVE-2023-40661-8of8.patch of Package opensc.33796

From 41d61da8481582e12710b5858f8b635e0a71ab5e Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 20 Sep 2023 10:13:57 +0200
Subject: [PATCH] oberthur: Avoid buffer overflow

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650
---
 src/pkcs15init/pkcs15-oberthur.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/src/pkcs15init/pkcs15-oberthur.c
+++ b/src/pkcs15init/pkcs15-oberthur.c
@@ -697,6 +697,9 @@ cosm_create_key(struct sc_profile *profi
 	if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
 		SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Create key failed: RSA only supported");
 
+	if (key_info->path.len < 2)
+		SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OBJECT_NOT_VALID, "The path needs to be at least to bytes long");
+
 	sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create private key ID:%s",  sc_pkcs15_print_id(&key_info->id));
 	/* Here, the path of private key file should be defined.
 	 * Neverthelles, we need to instanciate private key to get the ACLs. */

Places

File opensc-CVE-2023-40661-8of8.patch of Package opensc.33796

Places