File opensc-CVE-2024-45615.patch of Package opensc.35661
commit 5e4f26b510b04624386c54816bf26aacea0fe4a1
Author: Veronika HanulĂková <vhanulik@redhat.com>
Date: Thu Jul 11 14:58:25 2024 +0200
cac: Fix uninitialized values
Thanks Matteo Marini for report https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8 fuzz_card/1,fuzz_pkcs11/6
Index: opensc-0.22.0/src/libopensc/card-cac.c
===================================================================
--- opensc-0.22.0.orig/src/libopensc/card-cac.c
+++ opensc-0.22.0/src/libopensc/card-cac.c
@@ -255,7 +255,7 @@ static int cac_apdu_io(sc_card_t *card,
 size_t * recvbuflen)
 {
 int r;
- sc_apdu_t apdu;
+ sc_apdu_t apdu = {0};
 u8 rbufinitbuf[CAC_MAX_SIZE];
 u8 *rbuf;
 size_t rbuflen;
@@ -392,13 +392,13 @@ fail:
 static int cac_read_file(sc_card_t *card, int file_type, u8 **out_buf, size_t *out_len)
 {
 u8 params[2];
- u8 count[2];
+ u8 count[2] = {0};
 u8 *out = NULL;
- u8 *out_ptr;
+ u8 *out_ptr = NULL;
 size_t offset = 0;
 size_t size = 0;
 size_t left = 0;
- size_t len;
+ size_t len = 0;
 int r;
 params[0] = file_type;
@@ -461,7 +461,7 @@ static int cac_read_binary(sc_card_t *ca
 const u8 *tl_ptr, *val_ptr, *tl_start;
 u8 *tlv_ptr;
 const u8 *cert_ptr;
- size_t tl_len, val_len, tlv_len;
+ size_t tl_len = 0, val_len = 0, tlv_len;
 size_t len, tl_head_len, cert_len;
 u8 cert_type, tag;
@@ -1528,7 +1528,7 @@ static int cac_parse_CCC(sc_card_t *card
 static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv, int depth)
 {
 u8 *tl = NULL, *val = NULL;
- size_t tl_len, val_len;
+ size_t tl_len = 0, val_len = 0;
 int r;
 if (depth > CAC_MAX_CCC_DEPTH) {
Index: opensc-0.22.0/src/libopensc/card-piv.c
===================================================================
--- opensc-0.22.0.orig/src/libopensc/card-piv.c
+++ opensc-0.22.0/src/libopensc/card-piv.c
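Review bot: The new initialisers in cac_read_file (`count[2] = {0}`, `out_ptr = NULL`, `len = 0`) turn a short or failed card read into defined zeros, but nothing in the hunk shows that a zero length or NULL pointer is then rejected; the function body continues outside the hunk, so that has to be confirmed there. If count is the length field read from the card, as the name and the size/left/offset locals suggest, a comment such as `/* zeroed: a short read must decode as length 0, never as stack contents */` above the declaration would record why the initialiser matters. The same reasoning applies to `tl_len`/`val_len` in cac_process_CCC and to `tag`/`cla` in piv_get_challenge and sc_pkcs15emu_sc_hsm_decode_cvc: the default is a backstop, and the return value of whichever call fills them should still be checked before the values are used.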
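Review bot: In cac_read_binary the changed declaration still leaves `tlv_len` uninitialised while zeroing its neighbours, and the following `len, tl_head_len, cert_len` and `cert_type, tag` declarations are untouched. The same partial pattern appears in sc_pkcs15_get_name_from_dn (`dummy_len`) and in sc_pkcs15emu_sc_hsm_decode_cvc (`size_t taglen;` directly under the zeroed `cla`/`tag`). Whether each of these is written before every read cannot be judged from the hunks, since the function bodies lie outside them. Unless that is established, initialise them as well: `size_t tl_len = 0, val_len = 0, tlv_len = 0;`, `size_t ava_len = 0, dummy_len = 0, oid_len = 0;`, `size_t taglen = 0;`.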
@@ -2202,7 +2202,7 @@ static int piv_get_challenge(sc_card_t *
 const u8 *p;
 size_t out_len = 0;
 int r;
- unsigned int tag, cla;
+ unsigned int tag = 0, cla = 0;
 piv_private_data_t * priv = PIV_DATA(card);
 LOG_FUNC_CALLED(card->ctx);
Index: opensc-0.22.0/src/libopensc/pkcs15-cert.c
===================================================================
--- opensc-0.22.0.orig/src/libopensc/pkcs15-cert.c
+++ opensc-0.22.0/src/libopensc/pkcs15-cert.c
@@ -169,7 +169,7 @@ sc_pkcs15_get_name_from_dn(struct sc_con
 for (next_ava = rdn, next_ava_len = rdn_len; next_ava_len; ) {
 const u8 *ava, *dummy, *oidp;
 struct sc_object_id oid;
- size_t ava_len, dummy_len, oid_len;
+ size_t ava_len = 0, dummy_len, oid_len = 0;
 /* unwrap the set and point to the next ava */
 ava = sc_asn1_skip_tag(ctx, &next_ava, &next_ava_len, SC_ASN1_TAG_SET | SC_ASN1_CONS, &ava_len);
Index: opensc-0.22.0/src/libopensc/pkcs15-sc-hsm.c
===================================================================
--- opensc-0.22.0.orig/src/libopensc/pkcs15-sc-hsm.c
+++ opensc-0.22.0/src/libopensc/pkcs15-sc-hsm.c
@@ -277,7 +277,7 @@ int sc_pkcs15emu_sc_hsm_decode_cvc(sc_pk
 struct sc_asn1_entry asn1_cvcert[C_ASN1_CVCERT_SIZE];
 struct sc_asn1_entry asn1_cvc_body[C_ASN1_CVC_BODY_SIZE];
 struct sc_asn1_entry asn1_cvc_pubkey[C_ASN1_CVC_PUBKEY_SIZE];
- unsigned int cla,tag;
+ unsigned int cla = 0, tag = 0;
 size_t taglen;
 size_t lenchr = sizeof(cvc->chr);
 size_t lencar = sizeof(cvc->car);
Index: opensc-0.22.0/src/pkcs15init/profile.c
===================================================================
--- opensc-0.22.0.orig/src/pkcs15init/profile.c
+++ opensc-0.22.0/src/pkcs15init/profile.c
@@ -1695,7 +1695,7 @@ do_pin_storedlength(struct state *cur, i
 static int
 do_pin_flags(struct state *cur, int argc, char **argv)
 {
- unsigned int flags;
+ unsigned int flags = 0;
 int i, r;
 if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)