diff options
| -rw-r--r-- | meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch | 53 | ||||
| -rw-r--r-- | meta-oe/recipes-support/opensc/opensc_0.22.0.bb | 1 |
2 files changed, 54 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch new file mode 100644 index 0000000000..6a635a7ce6 --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch | |||
| @@ -0,0 +1,53 @@ | |||
| 1 | commit 81944d1529202bd28359bede57c0a15deb65ba8a | ||
| 2 | Author: fullwaywang <fullwaywang@tencent.com> | ||
| 3 | Date: Mon May 29 10:38:48 2023 +0800 | ||
| 4 | Subject: [PATCH] pkcs15init: correct left length calculation to fix buffer overrun bug. | ||
| 5 | |||
| 6 | Fixes #2785 | ||
| 7 | |||
| 8 | CVE: CVE-2023-2977 | ||
| 9 | |||
| 10 | Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/pull/2787/commits/3bf3ab2f9091f984cda6dd910654ccbbe3f06a40] | ||
| 11 | |||
| 12 | Signed-off-by: Soumya <soumya.sambu@windriver.com> | ||
| 13 | --- | ||
| 14 | |||
| 15 | diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c | ||
| 16 | index 9715cf39..f41f73c3 100644 | ||
| 17 | --- a/src/pkcs15init/pkcs15-cardos.c | ||
| 18 | +++ b/src/pkcs15init/pkcs15-cardos.c | ||
| 19 | @@ -872,7 +872,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card) | ||
| 20 | sc_apdu_t apdu; | ||
| 21 | u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; | ||
| 22 | int r; | ||
| 23 | - const u8 *p = rbuf, *q; | ||
| 24 | + const u8 *p = rbuf, *q, *pp; | ||
| 25 | size_t len, tlen = 0, ilen = 0; | ||
| 26 | |||
| 27 | sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88); | ||
| 28 | @@ -888,13 +888,13 @@ static int cardos_have_verifyrc_package(sc_card_t *card) | ||
| 29 | return 0; | ||
| 30 | |||
| 31 | while (len != 0) { | ||
| 32 | - p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen); | ||
| 33 | - if (p == NULL) | ||
| 34 | + pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen); | ||
| 35 | + if (pp == NULL) | ||
| 36 | return 0; | ||
| 37 | if (card->type == SC_CARD_TYPE_CARDOS_M4_3) { | ||
| 38 | /* the verifyRC package on CardOS 4.3B use Manufacturer ID 0x01 */ | ||
| 39 | /* and Package Number 0x07 */ | ||
| 40 | - q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, &ilen); | ||
| 41 | + q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, &ilen); | ||
| 42 | if (q == NULL || ilen != 4) | ||
| 43 | return 0; | ||
| 44 | if (q[0] == 0x07) | ||
| 45 | @@ -902,7 +902,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card) | ||
| 46 | } else if (card->type == SC_CARD_TYPE_CARDOS_M4_4) { | ||
| 47 | /* the verifyRC package on CardOS 4.4 use Manufacturer ID 0x03 */ | ||
| 48 | /* and Package Number 0x02 */ | ||
| 49 | - q = sc_asn1_find_tag(card->ctx, p, tlen, 0x03, &ilen); | ||
| 50 | + q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x03, &ilen); | ||
| 51 | if (q == NULL || ilen != 4) | ||
| 52 | return 0; | ||
| 53 | if (q[0] == 0x02) | ||
diff --git a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb index f8b4af0c4f..4590b85fa4 100644 --- a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb +++ b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb | |||
| @@ -14,6 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7" | |||
| 14 | #v0.21.0 | 14 | #v0.21.0 |
| 15 | SRCREV = "c902e1992195e00ada12d71beb1029287cd72037" | 15 | SRCREV = "c902e1992195e00ada12d71beb1029287cd72037" |
| 16 | SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \ | 16 | SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \ |
| 17 | file://CVE-2023-2977.patch \ | ||
| 17 | " | 18 | " |
| 18 | DEPENDS = "virtual/libiconv openssl" | 19 | DEPENDS = "virtual/libiconv openssl" |
| 19 | 20 | ||