fix CVE-2020-26571

2021-01-23 10:22:25 +08:00 · 2021-01-23 10:22:25 +08:00 · d71c6adbce
commit d71c6adbce
parent 06b016147b
2 changed files with 49 additions and 1 deletions
--- a/backport-CVE-2020-26571-fixed-invalid-read.patch
+++ b/backport-CVE-2020-26571-fixed-invalid-read.patch
@ -0,0 +1,44 @@
+From ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43 Mon Sep 17 00:00:00 2001
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Mon, 18 May 2020 17:25:32 +0200
+Subject: [PATCH] fixed invalid read
+
+fixes https://oss-fuzz.com/testcase-detail/5765246676631552
+---
+ src/libopensc/pkcs15-gemsafeGPK.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-gemsafeGPK.c b/src/libopensc/pkcs15-gemsafeGPK.c
+index e13f3b8798..4b80daf2a1 100644
+--- a/src/libopensc/pkcs15-gemsafeGPK.c
+++ b/src/libopensc/pkcs15-gemsafeGPK.c
+@@ -205,7 +205,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
+ 
+ 	u8 sysrec[7];
+ 	int num_keyinfo = 0;
+-	keyinfo kinfo[8]; /* will loook for 8 keys */
+	keyinfo kinfo[9]; /* will look for 9 keys */
+ 	u8 modulus_buf[ 1 + 1024 / 8]; /* tag+modulus */
+ 	u8 *cp;
+ 	char buf[256];
+@@ -255,9 +255,9 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
+ 
+ 	/* There may be more then one key in the directory. */
+ 	/* we need to find them so we can associate them with the */
+-	/* the certificate.  The files are 0007 to 000f */
+	/* the certificate.  The files are 0007 to 000F */
+ 
+-	for (i = 7; i < 16; i++) {
+	for (i = 0x7; i <= 0xF; i++) {
+ 		path.value[0] = 0x00;
+ 		path.value[1] = i;
+ 		path.len = 2;	
+@@ -297,7 +297,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
+ 		while (j--) 
+ 			*cp++ =  modulus_buf[j + 1];
+ 		num_keyinfo++;
+-	} 
+	}
+ 
+ 	/* Get the gemsafe data with the cert */
+ 	 sc_format_path("3F000200004", &path);
--- a/opensc.spec
+++ b/opensc.spec
@ -3,7 +3,7 @@

 Name:            opensc
 Version:         0.20.0
-Release:         5
+Release:         6
 License:         LGPLv2.1+
 Summary:         Smart card library and applications
 URL:             https://github.com/OpenSC/OpenSC/wiki
@ -11,6 +11,7 @@ Source0:         https://github.com/OpenSC/OpenSC/releases/download/%{version}/%

 Patch0:          myeid-fixed-memory-leak.patch
 Patch1:          backport-CVE-2020-26570-Heap-buffer-overflow-WRITE.patch
+Patch2:          backport-CVE-2020-26571-fixed-invalid-read.patch 

 BuildRequires:   openssl-devel pcsc-lite-devel bash-completion docbook-style-xsl readline-devel
 BuildRequires:   desktop-file-utils /usr/bin/xsltproc autoconf automake libtool gcc
@ -134,6 +135,9 @@ make check
 %{_sysconfdir}/xdg/autostart/pkcs11-register.desktop

 %changelog
+* Sat Jan 23 2021 zoulin <zoulin13@huawei.com> - 0.20.0-6
+- fix CVE-2020-26571
+
 * Thu Dec 31 2020 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 0.20.0-5
 - fix CVE-2020-26570