From: Veronika Hanulíková <vhanulik@redhat.com>
Date: Tue, 23 Jul 2024 10:48:32 +0200
Subject: card-entersafe: Check length of serial number

Thanks to Matteo Marini for the report

Origin: https://github.com/OpenSC/OpenSC/commit/aa102cd9abe1b0eaf537d9dd926844a46060d8bc
Bug: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2309290
Bug: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-45616
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2024-45616
Bug-Debian: https://bugs.debian.org/1082860
---
 src/libopensc/card-entersafe.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libopensc/card-entersafe.c b/src/libopensc/card-entersafe.c
index 24f2c75..5515843 100644
--- a/src/libopensc/card-entersafe.c
+++ b/src/libopensc/card-entersafe.c
@@ -1453,6 +1453,8 @@ static int entersafe_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
 	r=entersafe_transmit_apdu(card, &apdu,0,0,0,0);
 	LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
 	LOG_TEST_RET(card->ctx, sc_check_sw(card,apdu.sw1,apdu.sw2),"EnterSafe get SN failed");
+	if (apdu.resplen != 8)
+		LOG_TEST_RET(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Invalid length of SN");
 
 	card->serialnr.len=serial->len=8;
 	memcpy(card->serialnr.value,rbuf,8);
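Review bot: The added `if (apdu.resplen != 8)` check uses a literal 8 that the two following lines repeat (`card->serialnr.len=serial->len=8;` and `memcpy(card->serialnr.value,rbuf,8);`); a named constant for the EnterSafe serial-number length would keep the check and the copy from drifting apart, and a one-line comment on why exactly 8 bytes are expected would document the magic number. The strict `!=` is the right comparison here: since the `memcpy` copies exactly 8 bytes, a shorter response would previously have copied uninitialised bytes from `rbuf`, and rejecting longer responses as well avoids silently truncating an unexpected card answer. Returning `SC_ERROR_UNKNOWN_DATA_RECEIVED` via `LOG_TEST_RET` matches the error-handling style of the surrounding `LOG_TEST_RET` calls.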
