summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta-oe/recipes-support/opensc/files/CVE-2024-45615-0001.patch67
-rw-r--r--meta-oe/recipes-support/opensc/files/CVE-2024-45615-0002.patch36
-rw-r--r--meta-oe/recipes-support/opensc/files/CVE-2024-45615-0003.patch35
-rw-r--r--meta-oe/recipes-support/opensc/files/CVE-2024-45615-0004.patch36
-rw-r--r--meta-oe/recipes-support/opensc/files/CVE-2024-45615-0005.patch34
-rw-r--r--meta-oe/recipes-support/opensc/opensc_0.22.0.bb5
6 files changed, 213 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0001.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0001.patch
new file mode 100644
index 0000000000..badb301b18
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0001.patch
@@ -0,0 +1,67 @@
1From 5e4f26b510b04624386c54816bf26aacea0fe4a1 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
3Date: Thu, 11 Jul 2024 14:58:25 +0200
4Subject: [PATCH] cac: Fix uninitialized values
5
6Thanks Matteo Marini for report
7https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
8
9fuzz_card/1,fuzz_pkcs11/6
10CVE: CVE-2024-45615
11Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/5e4f26b510b04624386c54816bf26aacea0fe4a1]
12
13Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
14---
15 src/libopensc/card-cac.c | 12 ++++++------
16 1 file changed, 6 insertions(+), 6 deletions(-)
17
18diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
19index 1d1b616c8..4c3bc89bd 100644
20--- a/src/libopensc/card-cac.c
21+++ b/src/libopensc/card-cac.c
22@@ -255,7 +255,7 @@ static int cac_apdu_io(sc_card_t *card, int ins, int p1, int p2,
23 size_t * recvbuflen)
24 {
25 int r;
26- sc_apdu_t apdu;
27+ sc_apdu_t apdu = {0};
28 u8 rbufinitbuf[CAC_MAX_SIZE];
29 u8 *rbuf;
30 size_t rbuflen;
31@@ -392,13 +392,13 @@ fail:
32 static int cac_read_file(sc_card_t *card, int file_type, u8 **out_buf, size_t *out_len)
33 {
34 u8 params[2];
35- u8 count[2];
36+ u8 count[2] = {0};
37 u8 *out = NULL;
38- u8 *out_ptr;
39+ u8 *out_ptr = NULL;
40 size_t offset = 0;
41 size_t size = 0;
42 size_t left = 0;
43- size_t len;
44+ size_t len = 0;
45 int r;
46
47 params[0] = file_type;
48@@ -461,7 +461,7 @@ static int cac_read_binary(sc_card_t *card, unsigned int idx,
49 const u8 *tl_ptr, *val_ptr, *tl_start;
50 u8 *tlv_ptr;
51 const u8 *cert_ptr;
52- size_t tl_len, val_len, tlv_len;
53+ size_t tl_len = 0, val_len = 0, tlv_len;
54 size_t len, tl_head_len, cert_len;
55 u8 cert_type, tag;
56
57@@ -1528,7 +1528,7 @@ static int cac_parse_CCC(sc_card_t *card, cac_private_data_t *priv, const u8 *tl
58 static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv, int depth)
59 {
60 u8 *tl = NULL, *val = NULL;
61- size_t tl_len, val_len;
62+ size_t tl_len = 0, val_len = 0;
63 int r;
64
65 if (depth > CAC_MAX_CCC_DEPTH) {
66--
672.34.1
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0002.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0002.patch
new file mode 100644
index 0000000000..7e02df383e
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0002.patch
@@ -0,0 +1,36 @@
1From 7d68a7f442e38e16625270a0fdc6942c9e9437e6 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
3Date: Tue, 16 Jul 2024 15:51:51 +0200
4Subject: [PATCH] card-piv: Initialize variables for tag and CLA
5
6In case they are not later initialize later by
7sc_asn1_read_tag() function.
8
9Thanks Matteo Marini for report
10https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
11
12fuzz_pkcs11/21
13
14CVE: CVE-2024-45615
15Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/7d68a7f442e38e16625270a0fdc6942c9e9437e6]
16
17Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
18---
19 src/libopensc/card-piv.c | 2 +-
20 1 file changed, 1 insertion(+), 1 deletion(-)
21
22diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
23index 6bf740221..0f07b2529 100644
24--- a/src/libopensc/card-piv.c
25+++ b/src/libopensc/card-piv.c
26@@ -2241,7 +2241,7 @@ static int piv_get_challenge(sc_card_t *card, u8 *rnd, size_t len)
27 const u8 *p;
28 size_t out_len = 0;
29 int r;
30- unsigned int tag, cla;
31+ unsigned int tag = 0, cla = 0;
32 piv_private_data_t * priv = PIV_DATA(card);
33
34 LOG_FUNC_CALLED(card->ctx);
35--
362.34.1
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0003.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0003.patch
new file mode 100644
index 0000000000..3f57ca3362
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0003.patch
@@ -0,0 +1,35 @@
1From bb3dedb71e59bd17f96fd4e807250a5cf2253cb7 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
3Date: Fri, 12 Jul 2024 14:35:47 +0200
4Subject: [PATCH] pkcs15-cert.c: Initialize OID length
5
6In case it is not set later.
7
8Thanks Matteo Marini for report
9https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
10
11fuzz_pkcs11/7
12
13CVE: CVE-2024-45615
14Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/bb3dedb71e59bd17f96fd4e807250a5cf2253cb7]
15
16Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
17---
18 src/libopensc/pkcs15-cert.c | 2 +-
19 1 file changed, 1 insertion(+), 1 deletion(-)
20
21diff --git a/src/libopensc/pkcs15-cert.c b/src/libopensc/pkcs15-cert.c
22index 1777a85835..5e2dbb89d0 100644
23--- a/src/libopensc/pkcs15-cert.c
24+++ b/src/libopensc/pkcs15-cert.c
25@@ -169,7 +169,7 @@ sc_pkcs15_get_name_from_dn(struct sc_context *ctx, const u8 *dn, size_t dn_len,
26 for (next_ava = rdn, next_ava_len = rdn_len; next_ava_len; ) {
27 const u8 *ava, *dummy, *oidp;
28 struct sc_object_id oid;
29- size_t ava_len, dummy_len, oid_len;
30+ size_t ava_len = 0, dummy_len, oid_len = 0;
31
32 /* unwrap the set and point to the next ava */
33 ava = sc_asn1_skip_tag(ctx, &next_ava, &next_ava_len, SC_ASN1_TAG_SET | SC_ASN1_CONS, &ava_len);
34--
352.34.1
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0004.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0004.patch
new file mode 100644
index 0000000000..a477bb07ec
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0004.patch
@@ -0,0 +1,36 @@
1From 42d718dfccd2a10f6d26705b8c991815c855fa3b Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
3Date: Tue, 16 Jul 2024 16:32:45 +0200
4Subject: [PATCH] pkcs15-sc-hsm: Initialize variables for tag and CLA
5
6In case they are not later initialize later by
7sc_asn1_read_tag() function.
8
9Thanks Matteo Marini for report
10https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
11
12fuzz_pkcs15_crypt/12
13
14CVE: CVE-2024-45615
15Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/42d718dfccd2a10f6d26705b8c991815c855fa3b]
16
17Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
18---
19 src/libopensc/pkcs15-sc-hsm.c | 2 +-
20 1 file changed, 1 insertion(+), 1 deletion(-)
21
22diff --git a/src/libopensc/pkcs15-sc-hsm.c b/src/libopensc/pkcs15-sc-hsm.c
23index 315cd74482..acdbee7054 100644
24--- a/src/libopensc/pkcs15-sc-hsm.c
25+++ b/src/libopensc/pkcs15-sc-hsm.c
26@@ -277,7 +277,7 @@ int sc_pkcs15emu_sc_hsm_decode_cvc(sc_pkcs15_card_t * p15card,
27 struct sc_asn1_entry asn1_cvcert[C_ASN1_CVCERT_SIZE];
28 struct sc_asn1_entry asn1_cvc_body[C_ASN1_CVC_BODY_SIZE];
29 struct sc_asn1_entry asn1_cvc_pubkey[C_ASN1_CVC_PUBKEY_SIZE];
30- unsigned int cla,tag;
31+ unsigned int cla = 0, tag = 0;
32 size_t taglen;
33 size_t lenchr = sizeof(cvc->chr);
34 size_t lencar = sizeof(cvc->car);
35--
362.34.1
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0005.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0005.patch
new file mode 100644
index 0000000000..7826f7e713
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/CVE-2024-45615-0005.patch
@@ -0,0 +1,34 @@
1From bde991b0fe4f0250243b0e4960978b1043c13b03 Mon Sep 17 00:00:00 2001
2From: Jakub Jelen <jjelen@redhat.com>
3Date: Mon, 20 May 2024 21:31:38 +0200
4Subject: [PATCH] pkcs15init: Avoid using uninitialized memory
5
6Thanks Matteo Marini for report
7
8https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h5f7-rjr5-vx54
9
10Signed-off-by: Jakub Jelen <jjelen@redhat.com>
11
12CVE: CVE-2024-45615
13Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/bde991b0fe4f0250243b0e4960978b1043c13b03]
14
15Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
16---
17 src/pkcs15init/profile.c | 2 +-
18 1 file changed, 1 insertion(+), 1 deletion(-)
19
20diff --git a/src/pkcs15init/profile.c b/src/pkcs15init/profile.c
21index 74fbdcec1..16c2ddfea 100644
22--- a/src/pkcs15init/profile.c
23+++ b/src/pkcs15init/profile.c
24@@ -1807,7 +1807,7 @@ do_pin_storedlength(struct state *cur, int argc, char **argv)
25 static int
26 do_pin_flags(struct state *cur, int argc, char **argv)
27 {
28- unsigned int flags;
29+ unsigned int flags = 0;
30 int i, r;
31
32 if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
33--
342.34.1
diff --git a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
index 822e0ab971..9446237a09 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
@@ -26,6 +26,11 @@ SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \
26 file://CVE-2024-1454.patch \ 26 file://CVE-2024-1454.patch \
27 file://CVE-2024-8443-0001.patch \ 27 file://CVE-2024-8443-0001.patch \
28 file://CVE-2024-8443-0002.patch \ 28 file://CVE-2024-8443-0002.patch \
29 file://CVE-2024-45615-0001.patch \
30 file://CVE-2024-45615-0002.patch \
31 file://CVE-2024-45615-0003.patch \
32 file://CVE-2024-45615-0004.patch \
33 file://CVE-2024-45615-0005.patch \
29 " 34 "
30 35
31# CVE-2021-34193 is a duplicate CVE covering the 5 individual 36# CVE-2021-34193 is a duplicate CVE covering the 5 individual