diff options
| author | Lee Chee Yang <chee.yang.lee@intel.com> | 2023-09-22 17:59:39 +0800 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2023-09-22 07:36:16 -0700 |
| commit | 44b00373094f845e71575d9d6f5c54b038f3a21a (patch) | |
| tree | e8c5f402f65d8acbedcb3a22a85843b5d97a368d /meta-oe/recipes-support/opensc/files | |
| parent | 670b2776e12b54b05df3c580a2c24ec3f58bb71b (diff) | |
| download | meta-openembedded-44b00373094f845e71575d9d6f5c54b038f3a21a.tar.gz | |
opensc: fix CVE-2023-2977
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-support/opensc/files')
| -rw-r--r-- | meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch new file mode 100644 index 0000000000..165fc316bf --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch | |||
| @@ -0,0 +1,54 @@ | |||
| 1 | CVE: CVE-2023-2977 | ||
| 2 | Upstream-Status: Backport [ https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a ] | ||
| 3 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
| 4 | |||
| 5 | |||
| 6 | From 81944d1529202bd28359bede57c0a15deb65ba8a Mon Sep 17 00:00:00 2001 | ||
| 7 | From: fullwaywang <fullwaywang@tencent.com> | ||
| 8 | Date: Mon, 29 May 2023 10:38:48 +0800 | ||
| 9 | Subject: [PATCH] pkcs15init: correct left length calculation to fix buffer | ||
| 10 | overrun bug. Fixes #2785 | ||
| 11 | |||
| 12 | --- | ||
| 13 | src/pkcs15init/pkcs15-cardos.c | 10 +++++----- | ||
| 14 | 1 file changed, 5 insertions(+), 5 deletions(-) | ||
| 15 | |||
| 16 | diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c | ||
| 17 | index 9715cf390f..f41f73c349 100644 | ||
| 18 | --- a/src/pkcs15init/pkcs15-cardos.c | ||
| 19 | +++ b/src/pkcs15init/pkcs15-cardos.c | ||
| 20 | @@ -872,7 +872,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card) | ||
| 21 | sc_apdu_t apdu; | ||
| 22 | u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; | ||
| 23 | int r; | ||
| 24 | - const u8 *p = rbuf, *q; | ||
| 25 | + const u8 *p = rbuf, *q, *pp; | ||
| 26 | size_t len, tlen = 0, ilen = 0; | ||
| 27 | |||
| 28 | sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88); | ||
| 29 | @@ -888,13 +888,13 @@ static int cardos_have_verifyrc_package(sc_card_t *card) | ||
| 30 | return 0; | ||
| 31 | |||
| 32 | while (len != 0) { | ||
| 33 | - p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen); | ||
| 34 | - if (p == NULL) | ||
| 35 | + pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen); | ||
| 36 | + if (pp == NULL) | ||
| 37 | return 0; | ||
| 38 | if (card->type == SC_CARD_TYPE_CARDOS_M4_3) { | ||
| 39 | /* the verifyRC package on CardOS 4.3B use Manufacturer ID 0x01 */ | ||
| 40 | /* and Package Number 0x07 */ | ||
| 41 | - q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, &ilen); | ||
| 42 | + q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, &ilen); | ||
| 43 | if (q == NULL || ilen != 4) | ||
| 44 | return 0; | ||
| 45 | if (q[0] == 0x07) | ||
| 46 | @@ -902,7 +902,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card) | ||
| 47 | } else if (card->type == SC_CARD_TYPE_CARDOS_M4_4) { | ||
| 48 | /* the verifyRC package on CardOS 4.4 use Manufacturer ID 0x03 */ | ||
| 49 | /* and Package Number 0x02 */ | ||
| 50 | - q = sc_asn1_find_tag(card->ctx, p, tlen, 0x03, &ilen); | ||
| 51 | + q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x03, &ilen); | ||
| 52 | if (q == NULL || ilen != 4) | ||
| 53 | return 0; | ||
| 54 | if (q[0] == 0x02) | ||