From aa102cd9abe1b0eaf537d9dd926844a46060d8bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
Date: Tue, 23 Jul 2024 10:48:32 +0200
Subject: [PATCH] card-entersafe: Check length of serial number
Thanks to Matteo Marini for the report
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
fuzz_pkcs15_reader/5
CVE: CVE-2024-45616
Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/aa102cd9abe1b0eaf537d9dd926844a46060d8bc]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
---
src/libopensc/card-entersafe.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/libopensc/card-entersafe.c b/src/libopensc/card-entersafe.c
index 6372913d0..305323fd5 100644
--- a/src/libopensc/card-entersafe.c
+++ b/src/libopensc/card-entersafe.c
@@ -1468,6 +1468,8 @@ static int entersafe_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
r=entersafe_transmit_apdu(card, &apdu,0,0,0,0);
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
LOG_TEST_RET(card->ctx, sc_check_sw(card,apdu.sw1,apdu.sw2),"EnterSafe get SN failed");
+ if (apdu.resplen != 8)
+ LOG_TEST_RET(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Invalid length of SN");
card->serialnr.len=serial->len=8;
memcpy(card->serialnr.value,rbuf,8);
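Review bot: The serial-number length 8 now appears three times in a row — in the added guard, in the `len` assignment and in the `memcpy` — with nothing tying them together, so a later change to one of them silently desynchronises the guard from the copy. A single named constant would keep them in step, e.g. `#define ENTERSAFE_SN_LEN 8` near the top of the file and then `if (apdu.resplen != ENTERSAFE_SN_LEN)` / `memcpy(card->serialnr.value, rbuf, ENTERSAFE_SN_LEN);`. The guard itself also deserves a one-line why-comment, since the reason is the fuzzer finding cited in the commit message rather than anything visible here: `/* reject short/long responses: the copy below assumes exactly 8 valid bytes in rbuf */`. Note that `rbuf` and the `resplen` setup are declared before the hunk and `serial->value` is (presumably) filled after it, so `entersafe_get_serialnr` both starts and ends outside this hunk.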
--
2.34.1