aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-4.patch
blob: 797f8ad3b18fd379ed21d9ce3d7c3959094f1c1b (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

Origin: https://github.com/OpenSC/OpenSC/commit/578aed8391ef117ca64a9e0cba8e5c264368a0ec
From: Frank Morgner <frankmorgner@gmail.com>
Date: Thu, 8 Dec 2022 00:27:18 +0100
Subject: sc_pkcs15init_rmdir: prevent out of bounds write

fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53927
CVE: CVE-2023-40661
Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Comment: Hunk refreshed based on codebase.
---
 src/pkcs15init/pkcs15-lib.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index 91cee37310..3df03c6e1f 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -666,6 +666,8 @@
 
 		path = df->path;
 		path.len += 2;
+		if (path.len > SC_MAX_PATH_SIZE)
+			return SC_ERROR_INTERNAL;
 
 		nfids = r / 2;
 		while (r >= 0 && nfids--) {
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-01 00:32:19 +0000