opensc: CVE-2019-19479 CVE-2019-19480

Security Advisory References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19480 Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Wang Mingyu <wangmy@cn.fujitsu.com> 2020-03-13 04:10:23 -0700
committer: Armin Kuster <akuster808@gmail.com> 2020-03-21 19:46:49 -0700
commit: 22862f7bdc690268ab44548576f002cf585a6f78 (patch)
tree: 8c7a90280969c99eeff4576f6fc9f68a7e78a6b8
parent: 2cf6bc0e6de881e2385a3a0f2821b411cd1237dc (diff)
download: meta-openembedded-22862f7bdc690268ab44548576f002cf585a6f78.tar.gz
3 files changed, 66 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch
new file mode 100644
index 000000000..73222ee1a
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch
@@ -0,0 +1,30 @@
+From c3f23b836e5a1766c36617fe1da30d22f7b63de2 Mon Sep 17 00:00:00 2001
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Sun, 3 Nov 2019 04:45:28 +0100
+Subject: [PATCH] fixed  UNKNOWN READ
+Upstream-Status: Accepted <or Backport>
+CVE: CVE-2019-19479 
+   
+Reported by OSS-Fuzz
+https://oss-fuzz.com/testcase-detail/5681169970757632
+Reference to upstream patch:
+https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2
+---
+ src/libopensc/card-setcos.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/libopensc/card-setcos.c b/src/libopensc/card-setcos.c
+index 4cf328ad6a..1b4e8f3e23 100644
+--- a/src/libopensc/card-setcos.c
+++ b/src/libopensc/card-setcos.c
+@@ -868,7 +868,7 @@ static void parse_sec_attr_44(sc_file_t *file, const u8 *buf, size_t len)
+                        }
+ 
+                        /* Encryption key present ? */
+-                       iPinCount = iACLen - 1;         
+                       iPinCount = iACLen > 0 ? iACLen - 1 : 0;
+ 
+                        if (buf[iOffset] & 0x20) {
+                                int iSC;
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2019-19480.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19480.patch
new file mode 100644
index 000000000..12c1f0b4a
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19480.patch
@@ -0,0 +1,34 @@
+From 6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 23 Oct 2019 09:22:44 +0200
+Subject: [PATCH] pkcs15-prkey: Simplify cleaning memory after failure
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478
+Upstream-Status: Accepted
+CVE: CVE-2019-19480
+Reference to upstream patch:
+https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7
+---
+ src/libopensc/pkcs15-prkey.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/src/libopensc/pkcs15-prkey.c b/src/libopensc/pkcs15-prkey.c
+index d3eee983..4b249582 100644
+--- a/src/libopensc/pkcs15-prkey.c
+++ b/src/libopensc/pkcs15-prkey.c
+@@ -258,6 +258,10 @@ int sc_pkcs15_decode_prkdf_entry(struct sc_pkcs15_card *p15card,
+        memset(gostr3410_params, 0, sizeof(gostr3410_params));
+ 
+        r = sc_asn1_decode_choice(ctx, asn1_prkey, *buf, *buflen, buf, buflen);
+       if (r < 0) {
+               /* This might have allocated something. If so, clear it now */
+               free(info.subject.value);
+        }
+        if (r == SC_ERROR_ASN1_END_OF_CONTENTS)
+                return r;
+        LOG_TEST_RET(ctx, r, "PrKey DF ASN.1 decoding failed");
+-- 
+2.17.1
diff --git a/meta-oe/recipes-support/opensc/opensc_0.19.0.bb b/meta-oe/recipes-support/opensc/opensc_0.19.0.bb
index bc1722e39..d26825a06 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.19.0.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.19.0.bb
@@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34"
 SRCREV = "f1691fc91fc113191c3a8aaf5facd6983334ec47"
 SRC_URI = "git://github.com/OpenSC/OpenSC \
           file://0001-Remove-redundant-logging.patch \
+           file://CVE-2019-19479.patch \
+           file://CVE-2019-19480.patch \
          "
 DEPENDS = "openct pcsc-lite virtual/libiconv openssl"
author	Wang Mingyu <wangmy@cn.fujitsu.com>	2020-03-13 04:10:23 -0700
committer	Armin Kuster <akuster808@gmail.com>	2020-03-21 19:46:49 -0700
commit	22862f7bdc690268ab44548576f002cf585a6f78 (patch)
tree	8c7a90280969c99eeff4576f6fc9f68a7e78a6b8
parent	2cf6bc0e6de881e2385a3a0f2821b411cd1237dc (diff)
download	meta-openembedded-22862f7bdc690268ab44548576f002cf585a6f78.tar.gz

diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch new file mode 100644 index 000000000..73222ee1a --- /dev/null +++ b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch
@@ -0,0 +1,30 @@
		1	From c3f23b836e5a1766c36617fe1da30d22f7b63de2 Mon Sep 17 00:00:00 2001
		2	From: Frank Morgner <frankmorgner@gmail.com>
		3	Date: Sun, 3 Nov 2019 04:45:28 +0100
		4	Subject: [PATCH] fixed UNKNOWN READ
		5
		6	Upstream-Status: Accepted <or Backport>
		7	CVE: CVE-2019-19479
		8
		9	Reported by OSS-Fuzz
		10	https://oss-fuzz.com/testcase-detail/5681169970757632
		11
		12	Reference to upstream patch:
		13	https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2
		14	---
		15	src/libopensc/card-setcos.c \| 2 +-
		16	1 file changed, 1 insertion(+), 1 deletion(-)
		17
		18	diff --git a/src/libopensc/card-setcos.c b/src/libopensc/card-setcos.c
		19	index 4cf328ad6a..1b4e8f3e23 100644
		20	--- a/src/libopensc/card-setcos.c
		21	+++ b/src/libopensc/card-setcos.c
		22	@@ -868,7 +868,7 @@ static void parse_sec_attr_44(sc_file_t file, const u8 buf, size_t len)
		23	}
		24
		25	/* Encryption key present ? */
		26	- iPinCount = iACLen - 1;
		27	+ iPinCount = iACLen > 0 ? iACLen - 1 : 0;
		28
		29	if (buf[iOffset] & 0x20) {
		30	int iSC;


diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2019-19480.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19480.patch new file mode 100644 index 000000000..12c1f0b4a --- /dev/null +++ b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19480.patch
@@ -0,0 +1,34 @@
		1	From 6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 Mon Sep 17 00:00:00 2001
		2	From: Jakub Jelen <jjelen@redhat.com>
		3	Date: Wed, 23 Oct 2019 09:22:44 +0200
		4	Subject: [PATCH] pkcs15-prkey: Simplify cleaning memory after failure
		5
		6	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478
		7
		8	Upstream-Status: Accepted
		9	CVE: CVE-2019-19480
		10
		11	Reference to upstream patch:
		12	https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7
		13	---
		14	src/libopensc/pkcs15-prkey.c \| 4 ++++
		15	1 file changed, 4 insertions(+)
		16
		17	diff --git a/src/libopensc/pkcs15-prkey.c b/src/libopensc/pkcs15-prkey.c
		18	index d3eee983..4b249582 100644
		19	--- a/src/libopensc/pkcs15-prkey.c
		20	+++ b/src/libopensc/pkcs15-prkey.c
		21	@@ -258,6 +258,10 @@ int sc_pkcs15_decode_prkdf_entry(struct sc_pkcs15_card *p15card,
		22	memset(gostr3410_params, 0, sizeof(gostr3410_params));
		23
		24	r = sc_asn1_decode_choice(ctx, asn1_prkey, buf, buflen, buf, buflen);
		25	+ if (r < 0) {
		26	+ /* This might have allocated something. If so, clear it now */
		27	+ free(info.subject.value);
		28	+ }
		29	if (r == SC_ERROR_ASN1_END_OF_CONTENTS)
		30	return r;
		31	LOG_TEST_RET(ctx, r, "PrKey DF ASN.1 decoding failed");
		32	--
		33	2.17.1
		34


diff --git a/meta-oe/recipes-support/opensc/opensc_0.19.0.bb b/meta-oe/recipes-support/opensc/opensc_0.19.0.bb index bc1722e39..d26825a06 100644 --- a/meta-oe/recipes-support/opensc/opensc_0.19.0.bb +++ b/meta-oe/recipes-support/opensc/opensc_0.19.0.bb
@@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34"
15	SRCREV = "f1691fc91fc113191c3a8aaf5facd6983334ec47"	15	SRCREV = "f1691fc91fc113191c3a8aaf5facd6983334ec47"
16	SRC_URI = "git://github.com/OpenSC/OpenSC \	16	SRC_URI = "git://github.com/OpenSC/OpenSC \
17	file://0001-Remove-redundant-logging.patch \	17	file://0001-Remove-redundant-logging.patch \
		18	file://CVE-2019-19479.patch \
		19	file://CVE-2019-19480.patch \
18	"	20	"
19	DEPENDS = "openct pcsc-lite virtual/libiconv openssl"	21	DEPENDS = "openct pcsc-lite virtual/libiconv openssl"
20		22