packages/opensc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!10 fix cve-2020-26570

Browse Source 
From: @yang_zhuang_zhuang
Reviewed-by: @zhujianwei001
Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot 2020-12-31 14:09:28 +08:00 committed by Gitee
commit 06b016147b
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
backport-CVE-2020-26570-Heap-buffer-overflow-WRITE.patch Normal file
View File

@ -0,0 +1,36 @@
From 6903aebfddc466d966c7b865fae34572bf3ed23e Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Thu, 30 Jul 2020 02:21:17 +0200
Subject: [PATCH] Heap-buffer-overflow WRITE
fixes https://oss-fuzz.com/testcase-detail/5088104168554496
---
src/libopensc/pkcs15-oberthur.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/libopensc/pkcs15-oberthur.c b/src/libopensc/pkcs15-oberthur.c
index a873aaa..2fb32b8 100644
--- a/src/libopensc/pkcs15-oberthur.c
+++ b/src/libopensc/pkcs15-oberthur.c
@@ -271,11 +271,15 @@ sc_oberthur_read_file(struct sc_pkcs15_card *p15card, const char *in_path,
rv = sc_read_binary(card, 0, *out, sz, 0);
}
else {
- int rec;
- int offs = 0;
- int rec_len = file->record_length;
+ size_t rec;
+ size_t offs = 0;
+ size_t rec_len = file->record_length;
for (rec = 1; ; rec++) {
+ if (rec > file->record_count) {
+ rv = 0;
+ break;
+ }
rv = sc_read_record(card, rec, *out + offs + 2, rec_len, SC_RECORD_BY_REC_NR);
if (rv == SC_ERROR_RECORD_NOT_FOUND) {
rv = 0;
--
1.8.3.1

6
opensc.spec
View File

@ -3,13 +3,14 @@
Name: opensc Name: opensc
Version: 0.20.0 Version: 0.20.0
Release: 4 Release: 5
License: LGPLv2.1+ License: LGPLv2.1+
Summary: Smart card library and applications Summary: Smart card library and applications
URL: https://github.com/OpenSC/OpenSC/wiki URL: https://github.com/OpenSC/OpenSC/wiki
Source0: https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch0: myeid-fixed-memory-leak.patch Patch0: myeid-fixed-memory-leak.patch
Patch1: backport-CVE-2020-26570-Heap-buffer-overflow-WRITE.patch
BuildRequires: openssl-devel pcsc-lite-devel bash-completion docbook-style-xsl readline-devel BuildRequires: openssl-devel pcsc-lite-devel bash-completion docbook-style-xsl readline-devel
BuildRequires: desktop-file-utils /usr/bin/xsltproc autoconf automake libtool gcc BuildRequires: desktop-file-utils /usr/bin/xsltproc autoconf automake libtool gcc
@ -133,6 +134,9 @@ make check
%{_sysconfdir}/xdg/autostart/pkcs11-register.desktop %{_sysconfdir}/xdg/autostart/pkcs11-register.desktop
%changelog %changelog
* Thu Dec 31 2020 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 0.20.0-5
- fix CVE-2020-26570
* Mon Sep 21 2020 liquor <lirui130@huawei.com> - 0.20.0-4 * Mon Sep 21 2020 liquor <lirui130@huawei.com> - 0.20.0-4
- myeid: fixed memory leak - myeid: fixed memory leak