Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
opensc
opensc-CVE-2024-45617.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File opensc-CVE-2024-45617.patch of Package opensc
commit fdb9e903eb124b6b18a5a9350a26eceb775585bc Author: Veronika HanulĂková <vhanulik@redhat.com> Date: Tue Jul 16 14:05:36 2024 +0200 cac: Check return value when selecting AID Thanks Matteo Marini for report https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8 fuzz_pkcs11/14 Index: opensc-0.19.0/src/libopensc/card-cac.c =================================================================== --- opensc-0.19.0.orig/src/libopensc/card-cac.c +++ opensc-0.19.0/src/libopensc/card-cac.c @@ -1432,10 +1432,10 @@ static int cac_parse_aid(sc_card_t *card /* Call without OID set will just select the AID without subseqent * OID selection, which we need to figure out just now */ - cac_select_file_by_type(card, &new_object.path, NULL, SC_CARD_TYPE_CAC_II); + r = cac_select_file_by_type(card, &new_object.path, NULL, SC_CARD_TYPE_CAC_II); + LOG_TEST_RET(card->ctx, r, "Cannot select AID"); r = cac_get_properties(card, &prop); - if (r < 0) - return SC_ERROR_INTERNAL; + LOG_TEST_RET(card->ctx, r, "Cannot get CAC properties"); for (i = 0; i < prop.num_objects; i++) { /* don't fail just because we have more certs than we can support */ Index: opensc-0.19.0/src/libopensc/card-cardos.c =================================================================== --- opensc-0.19.0.orig/src/libopensc/card-cardos.c +++ opensc-0.19.0/src/libopensc/card-cardos.c @@ -1030,7 +1030,8 @@ cardos_lifecycle_get(sc_card_t *card, in SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); if (apdu.resplen < 1) { - SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Lifecycle byte not in response"); + LOG_TEST_RET(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Lifecycle byte not in response"); + } r = SC_SUCCESS; Index: opensc-0.19.0/src/libopensc/card-jpki.c =================================================================== --- opensc-0.19.0.orig/src/libopensc/card-jpki.c +++ opensc-0.19.0/src/libopensc/card-jpki.c @@ -195,6 +195,8 @@ jpki_select_file(struct sc_card *card, u8 buf[4]; rc = sc_read_binary(card, 0, buf, 4, 0); LOG_TEST_RET(card->ctx, rc, "SW Check failed"); + if (rc < 4) + LOG_TEST_RET(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Received data too short"); file = sc_file_new(); if (!file) { LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor