diff options
6 files changed, 213 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0001.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0001.patch new file mode 100644 index 0000000000..badb301b18 --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0001.patch | |||
| @@ -0,0 +1,67 @@ | |||
| 1 | From 5e4f26b510b04624386c54816bf26aacea0fe4a1 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com> | ||
| 3 | Date: Thu, 11 Jul 2024 14:58:25 +0200 | ||
| 4 | Subject: [PATCH] cac: Fix uninitialized values | ||
| 5 | |||
| 6 | Thanks Matteo Marini for report | ||
| 7 | https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8 | ||
| 8 | |||
| 9 | fuzz_card/1,fuzz_pkcs11/6 | ||
| 10 | CVE: CVE-2024-45615 | ||
| 11 | Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/5e4f26b510b04624386c54816bf26aacea0fe4a1] | ||
| 12 | |||
| 13 | Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> | ||
| 14 | --- | ||
| 15 | src/libopensc/card-cac.c | 12 ++++++------ | ||
| 16 | 1 file changed, 6 insertions(+), 6 deletions(-) | ||
| 17 | |||
| 18 | diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c | ||
| 19 | index 1d1b616c8..4c3bc89bd 100644 | ||
| 20 | --- a/src/libopensc/card-cac.c | ||
| 21 | +++ b/src/libopensc/card-cac.c | ||
| 22 | @@ -255,7 +255,7 @@ static int cac_apdu_io(sc_card_t *card, int ins, int p1, int p2, | ||
| 23 | size_t * recvbuflen) | ||
| 24 | { | ||
| 25 | int r; | ||
| 26 | - sc_apdu_t apdu; | ||
| 27 | + sc_apdu_t apdu = {0}; | ||
| 28 | u8 rbufinitbuf[CAC_MAX_SIZE]; | ||
| 29 | u8 *rbuf; | ||
| 30 | size_t rbuflen; | ||
| 31 | @@ -392,13 +392,13 @@ fail: | ||
| 32 | static int cac_read_file(sc_card_t *card, int file_type, u8 **out_buf, size_t *out_len) | ||
| 33 | { | ||
| 34 | u8 params[2]; | ||
| 35 | - u8 count[2]; | ||
| 36 | + u8 count[2] = {0}; | ||
| 37 | u8 *out = NULL; | ||
| 38 | - u8 *out_ptr; | ||
| 39 | + u8 *out_ptr = NULL; | ||
| 40 | size_t offset = 0; | ||
| 41 | size_t size = 0; | ||
| 42 | size_t left = 0; | ||
| 43 | - size_t len; | ||
| 44 | + size_t len = 0; | ||
| 45 | int r; | ||
| 46 | |||
| 47 | params[0] = file_type; | ||
| 48 | @@ -461,7 +461,7 @@ static int cac_read_binary(sc_card_t *card, unsigned int idx, | ||
| 49 | const u8 *tl_ptr, *val_ptr, *tl_start; | ||
| 50 | u8 *tlv_ptr; | ||
| 51 | const u8 *cert_ptr; | ||
| 52 | - size_t tl_len, val_len, tlv_len; | ||
| 53 | + size_t tl_len = 0, val_len = 0, tlv_len; | ||
| 54 | size_t len, tl_head_len, cert_len; | ||
| 55 | u8 cert_type, tag; | ||
| 56 | |||
| 57 | @@ -1528,7 +1528,7 @@ static int cac_parse_CCC(sc_card_t *card, cac_private_data_t *priv, const u8 *tl | ||
| 58 | static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv, int depth) | ||
| 59 | { | ||
| 60 | u8 *tl = NULL, *val = NULL; | ||
| 61 | - size_t tl_len, val_len; | ||
| 62 | + size_t tl_len = 0, val_len = 0; | ||
| 63 | int r; | ||
| 64 | |||
| 65 | if (depth > CAC_MAX_CCC_DEPTH) { | ||
| 66 | -- | ||
| 67 | 2.34.1 | ||
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0002.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0002.patch new file mode 100644 index 0000000000..7e02df383e --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0002.patch | |||
| @@ -0,0 +1,36 @@ | |||
| 1 | From 7d68a7f442e38e16625270a0fdc6942c9e9437e6 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com> | ||
| 3 | Date: Tue, 16 Jul 2024 15:51:51 +0200 | ||
| 4 | Subject: [PATCH] card-piv: Initialize variables for tag and CLA | ||
| 5 | |||
| 6 | In case they are not later initialize later by | ||
| 7 | sc_asn1_read_tag() function. | ||
| 8 | |||
| 9 | Thanks Matteo Marini for report | ||
| 10 | https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8 | ||
| 11 | |||
| 12 | fuzz_pkcs11/21 | ||
| 13 | |||
| 14 | CVE: CVE-2024-45615 | ||
| 15 | Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/7d68a7f442e38e16625270a0fdc6942c9e9437e6] | ||
| 16 | |||
| 17 | Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> | ||
| 18 | --- | ||
| 19 | src/libopensc/card-piv.c | 2 +- | ||
| 20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 21 | |||
| 22 | diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c | ||
| 23 | index 6bf740221..0f07b2529 100644 | ||
| 24 | --- a/src/libopensc/card-piv.c | ||
| 25 | +++ b/src/libopensc/card-piv.c | ||
| 26 | @@ -2241,7 +2241,7 @@ static int piv_get_challenge(sc_card_t *card, u8 *rnd, size_t len) | ||
| 27 | const u8 *p; | ||
| 28 | size_t out_len = 0; | ||
| 29 | int r; | ||
| 30 | - unsigned int tag, cla; | ||
| 31 | + unsigned int tag = 0, cla = 0; | ||
| 32 | piv_private_data_t * priv = PIV_DATA(card); | ||
| 33 | |||
| 34 | LOG_FUNC_CALLED(card->ctx); | ||
| 35 | -- | ||
| 36 | 2.34.1 | ||
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0003.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0003.patch new file mode 100644 index 0000000000..3f57ca3362 --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0003.patch | |||
| @@ -0,0 +1,35 @@ | |||
| 1 | From bb3dedb71e59bd17f96fd4e807250a5cf2253cb7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com> | ||
| 3 | Date: Fri, 12 Jul 2024 14:35:47 +0200 | ||
| 4 | Subject: [PATCH] pkcs15-cert.c: Initialize OID length | ||
| 5 | |||
| 6 | In case it is not set later. | ||
| 7 | |||
| 8 | Thanks Matteo Marini for report | ||
| 9 | https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8 | ||
| 10 | |||
| 11 | fuzz_pkcs11/7 | ||
| 12 | |||
| 13 | CVE: CVE-2024-45615 | ||
| 14 | Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/bb3dedb71e59bd17f96fd4e807250a5cf2253cb7] | ||
| 15 | |||
| 16 | Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> | ||
| 17 | --- | ||
| 18 | src/libopensc/pkcs15-cert.c | 2 +- | ||
| 19 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 20 | |||
| 21 | diff --git a/src/libopensc/pkcs15-cert.c b/src/libopensc/pkcs15-cert.c | ||
| 22 | index 1777a85835..5e2dbb89d0 100644 | ||
| 23 | --- a/src/libopensc/pkcs15-cert.c | ||
| 24 | +++ b/src/libopensc/pkcs15-cert.c | ||
| 25 | @@ -169,7 +169,7 @@ sc_pkcs15_get_name_from_dn(struct sc_context *ctx, const u8 *dn, size_t dn_len, | ||
| 26 | for (next_ava = rdn, next_ava_len = rdn_len; next_ava_len; ) { | ||
| 27 | const u8 *ava, *dummy, *oidp; | ||
| 28 | struct sc_object_id oid; | ||
| 29 | - size_t ava_len, dummy_len, oid_len; | ||
| 30 | + size_t ava_len = 0, dummy_len, oid_len = 0; | ||
| 31 | |||
| 32 | /* unwrap the set and point to the next ava */ | ||
| 33 | ava = sc_asn1_skip_tag(ctx, &next_ava, &next_ava_len, SC_ASN1_TAG_SET | SC_ASN1_CONS, &ava_len); | ||
| 34 | -- | ||
| 35 | 2.34.1 | ||
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0004.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0004.patch new file mode 100644 index 0000000000..a477bb07ec --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0004.patch | |||
| @@ -0,0 +1,36 @@ | |||
| 1 | From 42d718dfccd2a10f6d26705b8c991815c855fa3b Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com> | ||
| 3 | Date: Tue, 16 Jul 2024 16:32:45 +0200 | ||
| 4 | Subject: [PATCH] pkcs15-sc-hsm: Initialize variables for tag and CLA | ||
| 5 | |||
| 6 | In case they are not later initialize later by | ||
| 7 | sc_asn1_read_tag() function. | ||
| 8 | |||
| 9 | Thanks Matteo Marini for report | ||
| 10 | https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8 | ||
| 11 | |||
| 12 | fuzz_pkcs15_crypt/12 | ||
| 13 | |||
| 14 | CVE: CVE-2024-45615 | ||
| 15 | Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/42d718dfccd2a10f6d26705b8c991815c855fa3b] | ||
| 16 | |||
| 17 | Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> | ||
| 18 | --- | ||
| 19 | src/libopensc/pkcs15-sc-hsm.c | 2 +- | ||
| 20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 21 | |||
| 22 | diff --git a/src/libopensc/pkcs15-sc-hsm.c b/src/libopensc/pkcs15-sc-hsm.c | ||
| 23 | index 315cd74482..acdbee7054 100644 | ||
| 24 | --- a/src/libopensc/pkcs15-sc-hsm.c | ||
| 25 | +++ b/src/libopensc/pkcs15-sc-hsm.c | ||
| 26 | @@ -277,7 +277,7 @@ int sc_pkcs15emu_sc_hsm_decode_cvc(sc_pkcs15_card_t * p15card, | ||
| 27 | struct sc_asn1_entry asn1_cvcert[C_ASN1_CVCERT_SIZE]; | ||
| 28 | struct sc_asn1_entry asn1_cvc_body[C_ASN1_CVC_BODY_SIZE]; | ||
| 29 | struct sc_asn1_entry asn1_cvc_pubkey[C_ASN1_CVC_PUBKEY_SIZE]; | ||
| 30 | - unsigned int cla,tag; | ||
| 31 | + unsigned int cla = 0, tag = 0; | ||
| 32 | size_t taglen; | ||
| 33 | size_t lenchr = sizeof(cvc->chr); | ||
| 34 | size_t lencar = sizeof(cvc->car); | ||
| 35 | -- | ||
| 36 | 2.34.1 | ||
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0005.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0005.patch new file mode 100644 index 0000000000..7826f7e713 --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0005.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | From bde991b0fe4f0250243b0e4960978b1043c13b03 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jakub Jelen <jjelen@redhat.com> | ||
| 3 | Date: Mon, 20 May 2024 21:31:38 +0200 | ||
| 4 | Subject: [PATCH] pkcs15init: Avoid using uninitialized memory | ||
| 5 | |||
| 6 | Thanks Matteo Marini for report | ||
| 7 | |||
| 8 | https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h5f7-rjr5-vx54 | ||
| 9 | |||
| 10 | Signed-off-by: Jakub Jelen <jjelen@redhat.com> | ||
| 11 | |||
| 12 | CVE: CVE-2024-45615 | ||
| 13 | Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/bde991b0fe4f0250243b0e4960978b1043c13b03] | ||
| 14 | |||
| 15 | Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> | ||
| 16 | --- | ||
| 17 | src/pkcs15init/profile.c | 2 +- | ||
| 18 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 19 | |||
| 20 | diff --git a/src/pkcs15init/profile.c b/src/pkcs15init/profile.c | ||
| 21 | index 74fbdcec1..16c2ddfea 100644 | ||
| 22 | --- a/src/pkcs15init/profile.c | ||
| 23 | +++ b/src/pkcs15init/profile.c | ||
| 24 | @@ -1807,7 +1807,7 @@ do_pin_storedlength(struct state *cur, int argc, char **argv) | ||
| 25 | static int | ||
| 26 | do_pin_flags(struct state *cur, int argc, char **argv) | ||
| 27 | { | ||
| 28 | - unsigned int flags; | ||
| 29 | + unsigned int flags = 0; | ||
| 30 | int i, r; | ||
| 31 | |||
| 32 | if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN) | ||
| 33 | -- | ||
| 34 | 2.34.1 | ||
diff --git a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb index 822e0ab971..9446237a09 100644 --- a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb +++ b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb | |||
| @@ -26,6 +26,11 @@ SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \ | |||
| 26 | file://CVE-2024-1454.patch \ | 26 | file://CVE-2024-1454.patch \ |
| 27 | file://CVE-2024-8443-0001.patch \ | 27 | file://CVE-2024-8443-0001.patch \ |
| 28 | file://CVE-2024-8443-0002.patch \ | 28 | file://CVE-2024-8443-0002.patch \ |
| 29 | file://CVE-2024-45615-0001.patch \ | ||
| 30 | file://CVE-2024-45615-0002.patch \ | ||
| 31 | file://CVE-2024-45615-0003.patch \ | ||
| 32 | file://CVE-2024-45615-0004.patch \ | ||
| 33 | file://CVE-2024-45615-0005.patch \ | ||
| 29 | " | 34 | " |
| 30 | 35 | ||
| 31 | # CVE-2021-34193 is a duplicate CVE covering the 5 individual | 36 | # CVE-2021-34193 is a duplicate CVE covering the 5 individual |
