32 lines
1.1 KiB
Diff
32 lines
1.1 KiB
Diff
From 5d4daf6c92e4668f5458f380f3cacea3e879d91a Mon Sep 17 00:00:00 2001
|
|
From: Jakub Jelen <jjelen@redhat.com>
|
|
Date: Thu, 18 Mar 2021 19:48:33 +0100
|
|
Subject: [PATCH] oberthur: One more overlooked buffer overflow
|
|
|
|
Thanks oss-fuzz
|
|
|
|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32202
|
|
---
|
|
src/libopensc/pkcs15-oberthur.c | 5 ++++-
|
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/libopensc/pkcs15-oberthur.c b/src/libopensc/pkcs15-oberthur.c
|
|
index 4ba201f..0ddfc3f 100644
|
|
--- a/src/libopensc/pkcs15-oberthur.c
|
|
+++ b/src/libopensc/pkcs15-oberthur.c
|
|
@@ -609,7 +609,10 @@ sc_pkcs15emu_oberthur_add_pubkey(struct sc_pkcs15_card *p15card,
|
|
LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add public key: no 'Label'");
|
|
}
|
|
len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100;
|
|
- if (len) {
|
|
+ if (offs + 2 + len > info_len) {
|
|
+ free(info_blob);
|
|
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Failed to add public key: invalid 'Label' length");
|
|
+ } else if (len) {
|
|
if (len > sizeof(key_obj.label) - 1)
|
|
len = sizeof(key_obj.label) - 1;
|
|
memcpy(key_obj.label, info_blob + offs + 2, len);
|
|
--
|
|
1.8.3.1
|
|
|