Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
opensc.33796
opensc-CVE-2023-40661-6of8.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File opensc-CVE-2023-40661-6of8.patch of Package opensc.33796
From 440ca666eff10cc7011901252d20f3fc4ea23651 Mon Sep 17 00:00:00 2001 From: Jakub Jelen <jjelen@redhat.com> Date: Thu, 17 Aug 2023 13:41:36 +0200 Subject: [PATCH] setcos: Avoid buffer underflow Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60672 --- src/pkcs15init/pkcs15-setcos.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/src/pkcs15init/pkcs15-setcos.c +++ b/src/pkcs15init/pkcs15-setcos.c @@ -349,6 +349,10 @@ setcos_create_key(sc_profile_t *profile, /* Replace the path of instantiated key template by the path from the object data. */ memcpy(&file->path, &key_info->path, sizeof(file->path)); + if (file->path.len < 2) { + sc_file_free(file); + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid path"); + } file->id = file->path.value[file->path.len - 2] * 0x100 + file->path.value[file->path.len - 1];
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor