Blame SOURCES/opensc-0.20.0-CVE-2020-26572.patch

commit 9d294de90d1cc66956389856e60b6944b27b4817
Author: Frank Morgner <frankmorgner@gmail.com>
Date:   Thu Jun 4 10:04:10 2020 +0200
    prevent out of bounds write
    
    fixes https://oss-fuzz.com/testcase-detail/5226571123392512
diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c
5485fb
index 673c2493..e88c80bd 100644
5485fb
--- a/src/libopensc/card-tcos.c
5485fb
+++ b/src/libopensc/card-tcos.c
5485fb
@@ -623,6 +623,8 @@ static int tcos_decipher(sc_card_t *card, const u8 * crgram, size_t crgram_len,
5485fb
 	apdu.data = sbuf;
5485fb
 	apdu.lc = apdu.datalen = crgram_len+1;
5485fb
 	sbuf[0] = tcos3 ? 0x00 : ((data->pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) ? 0x81 : 0x02);
5485fb
+	if (sizeof sbuf - 1 < crgram_len)
5485fb
+		return SC_ERROR_INVALID_ARGUMENTS;
5485fb
 	memcpy(sbuf+1, crgram, crgram_len);
5485fb
 
5485fb
 	r = sc_transmit_apdu(card, &apdu);
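Review bot: The new length check in tcos_decipher runs only after `apdu.lc = apdu.datalen = crgram_len+1` has already been derived from the unvalidated `crgram_len`. The `memcpy` into `sbuf` is guarded, but the validation sits in the middle of the code that consumes the value. Moving `if (crgram_len > sizeof sbuf - 1) return SC_ERROR_INVALID_ARGUMENTS;` above the `apdu.data = sbuf;` line would make it harder for a later edit to slip a write in ahead of the check. A short comment such as `/* sbuf holds one leading mode byte plus the cryptogram */` would explain the `- 1`. The bare `return` may also bypass whatever exit logging the rest of the function uses, which cannot be confirmed here because the function body starts and ends outside the hunk.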