summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta-oe/recipes-support/opensc/files/CVE-2025-66037.patch35
-rw-r--r--meta-oe/recipes-support/opensc/opensc_0.25.1.bb1
2 files changed, 36 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2025-66037.patch b/meta-oe/recipes-support/opensc/files/CVE-2025-66037.patch
new file mode 100644
index 0000000000..91ffe53373
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/CVE-2025-66037.patch
@@ -0,0 +1,35 @@
1From b1a6f86298af7dfbaa1110b86662a9d1393a7678 Mon Sep 17 00:00:00 2001
2From: Jakub Jelen <jjelen@redhat.com>
3Date: Tue, 25 Nov 2025 15:58:02 +0100
4Subject: [PATCH] pkcs15: Avoid buffer overrun on invalid data
5
6Invalid data can contain zero-length buffer, which after copying
7was dereferenced without length check
8
9Credit: Aldo Ristori
10
11Signed-off-by: Jakub Jelen <jjelen@redhat.com>
12(cherry picked from commit 65fc211015cfcac27b10d0876054156c97225f50)
13
14CVE: CVE-2025-66037
15Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/65fc211015cfcac27b10d0876054156c97225f50]
16Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
17---
18 src/libopensc/pkcs15-pubkey.c | 4 ++++
19 1 file changed, 4 insertions(+)
20
21diff --git a/src/libopensc/pkcs15-pubkey.c b/src/libopensc/pkcs15-pubkey.c
22index a759efa45..48fb08cac 100644
23--- a/src/libopensc/pkcs15-pubkey.c
24+++ b/src/libopensc/pkcs15-pubkey.c
25@@ -1328,6 +1328,10 @@ sc_pkcs15_pubkey_from_spki_fields(struct sc_context *ctx, struct sc_pkcs15_pubke
26 "sc_pkcs15_pubkey_from_spki_fields() called: %p:%"SC_FORMAT_LEN_SIZE_T"u\n%s",
27 buf, buflen, sc_dump_hex(buf, buflen));
28
29+ if (buflen < 1) {
30+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "subjectPublicKeyInfo can not be empty");
31+ }
32+
33 tmp_buf = malloc(buflen);
34 if (!tmp_buf) {
35 r = SC_ERROR_OUT_OF_MEMORY;
diff --git a/meta-oe/recipes-support/opensc/opensc_0.25.1.bb b/meta-oe/recipes-support/opensc/opensc_0.25.1.bb
index bcdf5900ea..999ae34b12 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.25.1.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.25.1.bb
@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/OpenSC/OpenSC;branch=stable-0.25;protocol=https \
18 file://CVE-2024-8443-0001.patch \ 18 file://CVE-2024-8443-0001.patch \
19 file://CVE-2024-8443-0002.patch \ 19 file://CVE-2024-8443-0002.patch \
20 file://CVE-2025-49010.patch \ 20 file://CVE-2025-49010.patch \
21 file://CVE-2025-66037.patch \
21 " 22 "
22DEPENDS = "virtual/libiconv openssl" 23DEPENDS = "virtual/libiconv openssl"
23 24