Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
opensc.33736
opensc-CVE-2023-40661-3of10.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File opensc-CVE-2023-40661-3of10.patch of Package opensc.33736
From 5631e9843c832a99769def85b7b9b68b4e3e3959 Mon Sep 17 00:00:00 2001 From: Veronika Hanulikova <xhanulik@fi.muni.cz> Date: Fri, 3 Mar 2023 16:07:38 +0100 Subject: [PATCH] Check length of string before making copy Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55851 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55998 --- src/pkcs15init/profile.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/pkcs15init/profile.c b/src/pkcs15init/profile.c index 2b793b0282..3bad1e8536 100644 --- a/src/pkcs15init/profile.c +++ b/src/pkcs15init/profile.c @@ -1575,7 +1575,10 @@ do_acl(struct state *cur, int argc, char **argv) while (argc--) { unsigned int op, method, id; + if (strlen(*argv) >= sizeof(oper)) + goto bad; strlcpy(oper, *argv++, sizeof(oper)); + if ((what = strchr(oper, '=')) == NULL) goto bad; *what++ = '\0'; @@ -2288,6 +2291,9 @@ get_authid(struct state *cur, const char *value, return get_uint(cur, value, type); } + if (strlen(value) >= sizeof(temp)) + return 1; + n = strcspn(value, "0123456789x"); strlcpy(temp, value, (sizeof(temp) > n) ? n + 1 : sizeof(temp));
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor