packages/opensc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
opensc/backport-CVE-2021-42778-idprime-Use-temporary.patch
Hugel a43b4c0dbc fix CVE-2021-42778 CVE-2021-42780
2022-05-09 16:30:27 +08:00

55 lines
1.5 KiB
Diff
Raw Blame History

From f015746d22d249642c19674298a18ad824db0ed7 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 2 Dec 2020 13:15:11 +0100
Subject: [PATCH] idprime: Use temporary variable instead of messing up the
passed one
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
---
src/libopensc/card-idprime.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/libopensc/card-idprime.c b/src/libopensc/card-idprime.c
index cf933140c1..8ca393d11d 100644
--- a/src/libopensc/card-idprime.c
+++ b/src/libopensc/card-idprime.c
@@ -418,6 +418,7 @@ static int idprime_get_token_name(sc_card_t* card, char** tname)
sc_path_t tinfo_path = {"\x00\x00", 2, 0, 0, SC_PATH_TYPE_PATH, {"", 0}};
sc_file_t *file = NULL;
u8 buf[2];
+ char *name;
int r;
LOG_FUNC_CALLED(card->ctx);
@@ -445,20 +446,22 @@ static int idprime_get_token_name(sc_card_t* card, char** tname)
}
sc_file_free(file);
- *tname = malloc(buf[1]);
- if (*tname == NULL) {
+ name = malloc(buf[1]);
+ if (name == NULL) {
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
}
- r = iso_ops->read_binary(card, 2, (unsigned char *)*tname, buf[1], 0);
+ r = iso_ops->read_binary(card, 2, (unsigned char *)name, buf[1], 0);
if (r < 1) {
- free(*tname);
+ free(name);
LOG_FUNC_RETURN(card->ctx, r);
}
- if ((*tname)[r-1] != '\0') {
- (*tname)[r-1] = '\0';
+ if (name[r-1] != '\0') {
+ name[r-1] = '\0';
}
+ *tname = name;
+
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
Reference in New Issue View Git Blame Copy Permalink