blob: 4c0d1ec30926e95f21d98bfd9684a125c52ffbb2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
From e7177c7ca00200afea820d155dca67f38b232967 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 20 May 2024 22:14:48 +0200
Subject: [PATCH] cac: Correctly calculate certificate length based on the
resplen
Thanks Matteo Marini for report
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h5f7-rjr5-vx54
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
CVE: CVE-2024-45616
Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/e7177c7ca00200afea820d155dca67f38b232967]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
---
src/libopensc/card-cac1.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/libopensc/card-cac1.c b/src/libopensc/card-cac1.c
index 50c0928f5..bbdbc0a8d 100644
--- a/src/libopensc/card-cac1.c
+++ b/src/libopensc/card-cac1.c
@@ -95,12 +95,12 @@ static int cac_cac1_get_certificate(sc_card_t *card, u8 **out_buf, size_t *out_l
if (apdu.sw1 != 0x63 || apdu.sw2 < 1) {
/* we've either finished reading, or hit an error, break */
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
- left -= len;
+ left -= apdu.resplen;
break;
}
/* Adjust the lengths */
- left -= len;
- out_ptr += len;
+ left -= apdu.resplen;
+ out_ptr += apdu.resplen;
len = MIN(left, apdu.sw2);
}
if (r < 0) {
--
2.34.1
|
