Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
opensc.35664
opensc-CVE-2023-40661-10of10.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File opensc-CVE-2023-40661-10of10.patch of Package opensc.35664
From 41d61da8481582e12710b5858f8b635e0a71ab5e Mon Sep 17 00:00:00 2001 From: Jakub Jelen <jjelen@redhat.com> Date: Wed, 20 Sep 2023 10:13:57 +0200 Subject: [PATCH] oberthur: Avoid buffer overflow Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650 --- src/pkcs15init/pkcs15-oberthur.c | 3 +++ 1 file changed, 3 insertions(+) --- a/src/pkcs15init/pkcs15-oberthur.c +++ b/src/pkcs15init/pkcs15-oberthur.c @@ -691,6 +691,9 @@ cosm_create_key(struct sc_profile *profi if (object->type != SC_PKCS15_TYPE_PRKEY_RSA) SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Create key failed: RSA only supported"); + if (key_info->path.len < 2) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OBJECT_NOT_VALID, "The path needs to be at least to bytes long"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create private key ID:%s", sc_pkcs15_print_id(&key_info->id)); /* Here, the path of private key file should be defined. * Nevertheless, we need to instantiate private key to get the ACLs. */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor