File opensc-added-bounds-checking.patch of Package opensc.33796

Overview Repositories Revisions Requests Users Attributes Meta

File opensc-added-bounds-checking.patch of Package opensc.33796

From 83f45cda2af16b65264103fbe0394fd422f0120d Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Sun, 27 May 2018 00:38:37 +0200
Subject: [PATCH] Added bounds checking to sc_simpletlv_read_tag()

- Logic is identical to sc_asn1_read_tag()
- Fixes out of bounds access e.g. in cac_parse_CCC
---
 src/libopensc/card-setcos.c | 14 +++++++-------
 src/libopensc/errors.c      |  2 ++
 src/libopensc/errors.h      |  2 ++
 src/libopensc/simpletlv.c   | 31 +++++++++++++++++++++----------
 src/tools/util.c            |  5 +++--
 5 files changed, 35 insertions(+), 19 deletions(-)

Index: opensc-0.13.0/src/libopensc/card-setcos.c
===================================================================
--- opensc-0.13.0.orig/src/libopensc/card-setcos.c
+++ opensc-0.13.0/src/libopensc/card-setcos.c
@@ -788,8 +788,8 @@ static void parse_sec_attr_44(sc_file_t
 
 	/* Check all sub-AC definitions whitin the total AC */
 	while (len > 1) {				/* minimum length = 2 */
-		int	iACLen   = buf[iOffset] & 0x0F;
-		if ((size_t) iACLen > len)
+		size_t iACLen   = buf[iOffset] & 0x0F;
+		if (iACLen > len)
 			break;
 
 		iPinCount = -1;			/* default no pin required */
@@ -797,8 +797,8 @@ static void parse_sec_attr_44(sc_file_t
 
 		if (buf[iOffset] & 0X80) { /* AC in adaptive coding */
 			/* Evaluates only the command-byte, not the optional P1/P2/Option bytes */
-			int	iParmLen = 1;			/* command-byte is always present */
-			int	iKeyLen  = 0;			/* Encryption key is optional */
+			size_t	iParmLen = 1;			/* command-byte is always present */
+			size_t	iKeyLen  = 0;			/* Encryption key is optional */
 
 			if (buf[iOffset]   & 0x20) iKeyLen++;
 			if (buf[iOffset+1] & 0x40) iParmLen++;
@@ -809,7 +809,7 @@ static void parse_sec_attr_44(sc_file_t
 			/* Get KeyNumber if available */
 			if(iKeyLen) {
 				int iSC;
-				if (len < 1+iACLen)
+				if (len < 1+(size_t)iACLen)
 					break;
 				iSC = buf[iOffset+iACLen];
 
@@ -830,7 +830,7 @@ static void parse_sec_attr_44(sc_file_t
 
 			/* Get PinNumber if available */
 			if (iACLen > (1+iParmLen+iKeyLen)) {  /* check via total length if pin is present */
-				if (len < 1+1+1+iParmLen)
+				if (len < 1+1+1+(size_t)iParmLen)
 					break;
 				iKeyRef = buf[iOffset+1+1+iParmLen];  /* PTL + AM-header + parameter-bytes */
 				iMethod = SC_AC_CHV;
@@ -873,7 +873,7 @@ static void parse_sec_attr_44(sc_file_t
 
 			if (buf[iOffset] & 0x20) {
 				int iSC;
-				if (len < 1 + iACLen)
+				if (len < 1 + (size_t)iACLen)
 					break;
 				iSC = buf[iOffset + iACLen];
 
Index: opensc-0.13.0/src/tools/util.c
===================================================================
--- opensc-0.13.0.orig/src/tools/util.c
+++ opensc-0.13.0/src/tools/util.c
@@ -30,6 +30,7 @@
 #endif
 #include <ctype.h>
 #include "util.h"
+#include "common/compat_strlcat.h"
 
 int
 is_string_valid_atr(const char *atr_str)
@@ -311,8 +312,8 @@ const char * util_acl_to_str(const sc_ac
 			strcpy(buf, "????");
 			break;
 		}
-		strncat(line, buf, sizeof line);
-		strncat(line, " ", sizeof line);
+		strlcat(line, buf, sizeof line);
+		strlcat(line, " ", sizeof line);
 		e = e->next;
 	}
 	line[(sizeof line)-1] = '\0'; /* make sure it's NUL terminated */

Places

File opensc-added-bounds-checking.patch of Package opensc.33796

Places