Diffstat (limited to 'meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch')
-rw-r--r--meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch
new file mode 100644
index 0000000000..73222ee1a4
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2019-19479.patch
@@ -0,0 +1,30 @@
+From c3f23b836e5a1766c36617fe1da30d22f7b63de2 Mon Sep 17 00:00:00 2001
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Sun, 3 Nov 2019 04:45:28 +0100
+Subject: [PATCH] fixed UNKNOWN READ
+
+Upstream-Status: Accepted <or Backport>
+CVE: CVE-2019-19479
+
+Reported by OSS-Fuzz
+https://oss-fuzz.com/testcase-detail/5681169970757632
+
+Reference to upstream patch:
+https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2
+---
+ src/libopensc/card-setcos.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libopensc/card-setcos.c b/src/libopensc/card-setcos.c
+index 4cf328ad6a..1b4e8f3e23 100644
+--- a/src/libopensc/card-setcos.c
++++ b/src/libopensc/card-setcos.c
+@@ -868,7 +868,7 @@ static void parse_sec_attr_44(sc_file_t *file, const u8 *buf, size_t len)
+ }
+
+ /* Encryption key present ? */
+- iPinCount = iACLen - 1;
++ iPinCount = iACLen > 0 ? iACLen - 1 : 0;
+
+ if (buf[iOffset] & 0x20) {
+ int iSC;
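Review bot: The `Upstream-Status: Accepted <or Backport>` line in the patch header is an unfilled template placeholder, so anyone auditing the provenance of this CVE fix cannot tell which state applies. Since the header already cites the upstream commit, `Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2]` would be the accurate form. On the fix itself, the clamp `iPinCount = iACLen > 0 ? iACLen - 1 : 0;` only covers that one assignment. The body of the following `if (buf[iOffset] & 0x20)` branch, like the rest of parse_sec_attr_44, lies outside the embedded hunk. It is worth confirming against the OpenSC version this recipe builds that nothing there lowers iPinCount again or reads `buf` without a bound on iOffset.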