Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
opensc.33796
opensc-oberthur-memory-init.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File opensc-oberthur-memory-init.patch of Package opensc.33796
From 40c50a3a4219308aae90f6efd7b10213794a8d86 Mon Sep 17 00:00:00 2001 From: Jakub Jelen <jjelen@redhat.com> Date: Mon, 1 Mar 2021 11:57:06 +0100 Subject: [PATCH 2/5] oberthur: Handle more memory issues during initialization Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31540 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31448 --- src/libopensc/pkcs15-oberthur.c | 83 ++++++++++++++++++++++++++------- 1 file changed, 66 insertions(+), 17 deletions(-) Index: opensc-0.13.0/src/libopensc/pkcs15-oberthur.c =================================================================== --- opensc-0.13.0.orig/src/libopensc/pkcs15-oberthur.c +++ opensc-0.13.0/src/libopensc/pkcs15-oberthur.c @@ -633,7 +633,7 @@ sc_pkcs15emu_oberthur_add_cert(struct sc struct sc_context *ctx = p15card->card->ctx; struct sc_pkcs15_cert_info cinfo; struct sc_pkcs15_object cobj; - unsigned char *info_blob, *cert_blob; + unsigned char *info_blob = NULL, *cert_blob = NULL; size_t info_len, cert_len, len, offs; unsigned flags; int rv; @@ -649,16 +649,23 @@ sc_pkcs15emu_oberthur_add_cert(struct sc rv = sc_oberthur_read_file(p15card, ch_tmp, &info_blob, &info_len, 1); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add certificate: read oberthur file error"); - if (info_len < 2) + if (info_len < 2) { + free(info_blob); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add certificate: no 'tag'"); + } flags = *(info_blob + 0) * 0x100 + *(info_blob + 1); offs = 2; /* Label */ - if (offs + 2 > info_len) + if (offs + 2 > info_len) { + free(info_blob); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add certificate: no 'CN'"); + } len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; - if (len) { + if (len + offs + 2 > info_len) { + free(info_blob); + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Invalid 'CN' length"); + } else if (len) { if (len > sizeof(cobj.label) - 1) len = sizeof(cobj.label) - 1; memcpy(cobj.label, info_blob + offs + 2, len); @@ -666,14 +673,23 @@ sc_pkcs15emu_oberthur_add_cert(struct sc offs += 2 + len; /* ID */ - if (offs > info_len) + if (offs + 2 > info_len) { + free(info_blob); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add certificate: no 'ID'"); + } len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; - if (len > sizeof(cinfo.id.value)) + if (len + offs + 2 > info_len) { + free(info_blob); + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Invalid 'ID' length"); + } else if (len > sizeof(cinfo.id.value)) { + free(info_blob); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_DATA, "Failed to add certificate: invalie 'ID' length"); + } memcpy(cinfo.id.value, info_blob + offs + 2, len); cinfo.id.len = len; + free(info_blob); + /* Ignore subject, issuer and serial */ snprintf(ch_tmp, sizeof(ch_tmp), "%s%04X", AWP_OBJECTS_DF_PUB, file_id); @@ -758,15 +774,23 @@ sc_pkcs15emu_oberthur_add_prvkey(struct rv = sc_oberthur_read_file(p15card, ch_tmp, &info_blob, &info_len, 1); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add private key: read oberthur file error"); - if (info_len < 2) + if (info_len < 2) { + free(info_blob); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add private key: no 'tag'"); + } flags = *(info_blob + 0) * 0x100 + *(info_blob + 1); offs = 2; /* CN */ - if (offs > info_len) + if (offs + 2 > info_len) { + free(info_blob); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add private key: no 'CN'"); + } len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (len + offs + 2 > info_len) { + free(info_blob); + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Invalid 'CN' length"); + } if (len && !strlen(kobj.label)) { if (len > sizeof(kobj.label) - 1) len = sizeof(kobj.label) - 1; @@ -775,13 +799,21 @@ sc_pkcs15emu_oberthur_add_prvkey(struct offs += 2 + len; /* ID */ - if (offs > info_len) + if (offs + 2> info_len) { + free(info_blob); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add private key: no 'ID'"); + } len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; - if (!len) + if (!len) { + free(info_blob); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add private key: zero length ID"); - else if (len > sizeof(kinfo.id.value)) + } else if (len + offs + 2 > info_len) { + free(info_blob); + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Invalid 'ID' length"); + } else if (len > sizeof(kinfo.id.value)) { + free(info_blob); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_DATA, "Failed to add private key: invalid ID length"); + } memcpy(kinfo.id.value, info_blob + offs + 2, len); kinfo.id.len = len; offs += 2 + len; @@ -790,19 +822,28 @@ sc_pkcs15emu_oberthur_add_prvkey(struct offs += 16; /* Subject encoded in ASN1 */ - if (offs > info_len) - return SC_ERROR_UNKNOWN_DATA_RECEIVED; + if (offs + 2 > info_len) { + free(info_blob); + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add private key: no 'subject'"); + } len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; - if (len) { + if (len + offs + 2 > info_len) { + free(info_blob); + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Invalid 'subject' length"); + } else if (len) { kinfo.subject.value = malloc(len); - if (!kinfo.subject.value) + if (!kinfo.subject.value) { + free(info_blob); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_MEMORY_FAILURE, "Failed to add private key: memory allocation error"); + } kinfo.subject.len = len; memcpy(kinfo.subject.value, info_blob + offs + 2, len); } /* Modulus and exponent are ignored */ + free(info_blob); + snprintf(ch_tmp, sizeof(ch_tmp), "%s%04X", AWP_OBJECTS_DF_PRV, file_id); sc_format_path(ch_tmp, &kinfo.path); sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Private key info path %s", ch_tmp); @@ -873,18 +914,26 @@ sc_pkcs15emu_oberthur_add_data(struct sc offs += 2 + *(info_blob + offs + 1); /* Application */ - if (offs > info_len) + if (offs + 2 > info_len) SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add data: no 'application'"); app = info_blob + offs + 2; app_len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (offs + 2 + app_len > info_len) { + free(info_blob); + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Invalid length of 'application' received"); + } if (app_len > sizeof(dinfo.app_label) - 1) app_len = sizeof(dinfo.app_label) - 1; offs += 2 + app_len; /* OID encode like DER(ASN.1(oid)) */ - if (offs + 1 > info_len) + if (offs + 2 > info_len) SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add data: no 'OID'"); oid_len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (offs + 2 + oid_len > info_len) { + free(info_blob); + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Invalid length of 'oid' received"); + } if (oid_len) { oid = info_blob + offs + 2; if (*oid != 0x06 || (*(oid + 1) != oid_len - 2))
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor