packages/opensc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
opensc/backport-CVE-2020-26572-prevent-out-of-bounds-write.patch
Hugel 8ad4c7b684 fix CVE-2020-26572
2021-02-03 14:58:31 +08:00

24 lines
901 B
Diff
Raw Blame History

From 9d294de90d1cc66956389856e60b6944b27b4817 Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Thu, 4 Jun 2020 10:04:10 +0200
Subject: [PATCH] prevent out of bounds write
fixes https://oss-fuzz.com/testcase-detail/5226571123392512
---
src/libopensc/card-tcos.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c
index 673c2493dd..e88c80bd79 100644
--- a/src/libopensc/card-tcos.c
+++ b/src/libopensc/card-tcos.c
@@ -623,6 +623,8 @@ static int tcos_decipher(sc_card_t *card, const u8 * crgram, size_t crgram_len,
apdu.data = sbuf;
apdu.lc = apdu.datalen = crgram_len+1;
sbuf[0] = tcos3 ? 0x00 : ((data->pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) ? 0x81 : 0x02);
+ if (sizeof sbuf - 1 < crgram_len)
+ return SC_ERROR_INVALID_ARGUMENTS;
memcpy(sbuf+1, crgram, crgram_len);
r = sc_transmit_apdu(card, &apdu);
Reference in New Issue View Git Blame Copy Permalink