File: 0012-CVE-2023-40661.patch

package info (click to toggle)
opensc 0.23.0-0.3%2Bdeb12u2
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 15,868 kB
  • sloc: ansic: 177,824; xml: 6,009; sh: 1,807; makefile: 968; cpp: 302; lex: 92
file content (23 lines) | stat: -rw-r--r-- 802 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
Origin: https://github.com/OpenSC/OpenSC/commit/578aed8391ef117ca64a9e0cba8e5c264368a0ec
From: Frank Morgner <frankmorgner@gmail.com>
Date: Thu, 8 Dec 2022 00:27:18 +0100
Subject: sc_pkcs15init_rmdir: prevent out of bounds write

fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53927
---
 src/pkcs15init/pkcs15-lib.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index 91cee37310..3df03c6e1f 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -685,6 +685,8 @@ sc_pkcs15init_rmdir(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
 
 		path = df->path;
 		path.len += 2;
+		if (path.len > SC_MAX_PATH_SIZE)
+			return SC_ERROR_INTERNAL;
 
 		nfids = r / 2;
 		while (r >= 0 && nfids--) {