rpms/opensc
5
0
Fork 0
Code Issues Pull Requests Releases Activity
f2f9d59e62
opensc/opensc-0.25.1-sast.patch
Veronika Hanulíková e36c2cf161 Fix SAST findings 
Resolves: RHEL-36768
2024-06-12 13:55:38 +02:00

187 lines
6.9 KiB
Diff
Raw Blame History

From 86eabd42ea7c93d23258c70ea79ea3ed4f3110f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
Date: Wed, 22 May 2024 09:55:04 +0200
Subject: [PATCH 1/4] card-piv: Fix integer overflow
---
src/libopensc/card-piv.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
index c3a305799..ca071c58e 100644
--- a/src/libopensc/card-piv.c
+++ b/src/libopensc/card-piv.c
@@ -3408,11 +3408,11 @@ piv_put_data(sc_card_t *card, int tag, const u8 *buf, size_t buf_len)
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
tag_len = piv_objects[tag].tag_len;
- sbuflen = sc_asn1_put_tag(0x5c, piv_objects[tag].tag_value, tag_len, NULL, 0, NULL);
- if (sbuflen <= 0) {
+ r = sc_asn1_put_tag(0x5c, piv_objects[tag].tag_value, tag_len, NULL, 0, NULL);
+ if (r <= 0) {
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
}
- sbuflen += buf_len;
+ sbuflen = r + buf_len;
if (!(sbuf = malloc(sbuflen))) {
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
}
--
2.44.0
From 6923b97d59f8a5a636223a36465912e0c640a534 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
Date: Wed, 22 May 2024 10:11:46 +0200
Subject: [PATCH 2/4] iso7816.c: Check length of file_ref to prevent buffer
overrun
---
src/libopensc/iso7816.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libopensc/iso7816.c b/src/libopensc/iso7816.c
index 73893e941..98c059bdc 100644
--- a/src/libopensc/iso7816.c
+++ b/src/libopensc/iso7816.c
@@ -1003,7 +1003,7 @@ iso7816_set_security_env(struct sc_card *card,
*p++ = env->algorithm_ref & 0xFF;
}
if (env->flags & SC_SEC_ENV_FILE_REF_PRESENT) {
- if (env->file_ref.len > 0xFF)
+ if (env->file_ref.len > SC_MAX_PATH_SIZE)
return SC_ERROR_INVALID_ARGUMENTS;
if (sizeof(sbuf) - (p - sbuf) < env->file_ref.len + 2)
return SC_ERROR_OFFSET_TOO_LARGE;
--
2.44.0
From 6ceb50e271f4b67ec934aae5f8383475e1bd58ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
Date: Thu, 23 May 2024 10:04:08 +0200
Subject: [PATCH 3/4] iso7816.c: Check length of key_ref_len to prevent buffer
overrun
---
src/libopensc/iso7816.c | 2 +-
src/libopensc/opensc.h | 2 +-
src/libopensc/types.h | 1 +
3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/libopensc/iso7816.c b/src/libopensc/iso7816.c
index 98c059bdc..d7e044993 100644
--- a/src/libopensc/iso7816.c
+++ b/src/libopensc/iso7816.c
@@ -1021,7 +1021,7 @@ iso7816_set_security_env(struct sc_card *card,
*p++ = 0x83;
else
*p++ = 0x84;
- if (env->key_ref_len > 0xFF)
+ if (env->key_ref_len > SC_MAX_KEYREF_SIZE)
return SC_ERROR_INVALID_ARGUMENTS;
*p++ = env->key_ref_len & 0xFF;
memcpy(p, env->key_ref, env->key_ref_len);
diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h
index cbcb3bebb..5faf590ae 100644
--- a/src/libopensc/opensc.h
+++ b/src/libopensc/opensc.h
@@ -251,7 +251,7 @@ typedef struct sc_security_env {
unsigned long algorithm_ref;
struct sc_path file_ref;
- unsigned char key_ref[8];
+ unsigned char key_ref[SC_MAX_KEYREF_SIZE];
size_t key_ref_len;
struct sc_path target_file_ref; /* target key file in unwrap operation */
diff --git a/src/libopensc/types.h b/src/libopensc/types.h
index 7eea3fa82..304725a67 100644
--- a/src/libopensc/types.h
+++ b/src/libopensc/types.h
@@ -50,6 +50,7 @@ typedef unsigned char u8;
#define SC_MAX_CRTS_IN_SE 12
#define SC_MAX_SE_NUM 8
#define SC_MAX_PKCS15_EMULATORS 48
+#define SC_MAX_KEYREF_SIZE 8
/* When changing this value, pay attention to the initialization of the ASN1
* static variables that use this macro, like, for example,
--
2.44.0
From 42d4950b9804a6c057586e0e6cb614205818c411 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 9 May 2024 18:53:15 +0200
Subject: [PATCH 4/4] pkcs15init: Avoid memory leaks
---
src/pkcs15init/pkcs15-lib.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index 0dc62af4a..dbb5748b2 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -1888,8 +1888,10 @@ sc_pkcs15init_store_public_key(struct sc_pkcs15_card *p15card, struct sc_profile
key.u.rsa.modulus.data = NULL;
key.u.rsa.exponent.data = NULL;
// copy RSA params
- if (!(key.u.rsa.modulus.data = malloc(keyargs->key.u.rsa.modulus.len)))
- LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Failed to copy RSA public key parameters");
+ if (!(key.u.rsa.modulus.data = malloc(keyargs->key.u.rsa.modulus.len))) {
+ r = SC_ERROR_OUT_OF_MEMORY;
+ LOG_TEST_GOTO_ERR(ctx, r, "Failed to copy RSA public key parameters");
+ }
memcpy(key.u.rsa.modulus.data, keyargs->key.u.rsa.modulus.data, keyargs->key.u.rsa.modulus.len);
if (!(key.u.rsa.exponent.data = malloc(keyargs->key.u.rsa.exponent.len))) {
r = SC_ERROR_OUT_OF_MEMORY;
@@ -1902,8 +1904,10 @@ sc_pkcs15init_store_public_key(struct sc_pkcs15_card *p15card, struct sc_profile
case SC_ALGORITHM_GOSTR3410:
key.u.gostr3410.xy.data = NULL;
// copy GOSTR params
- if (!(key.u.gostr3410.xy.data = malloc(keyargs->key.u.gostr3410.xy.len)))
- LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Failed to copy GOSTR public key parameters");
+ if (!(key.u.gostr3410.xy.data = malloc(keyargs->key.u.gostr3410.xy.len))) {
+ r = SC_ERROR_OUT_OF_MEMORY;
+ LOG_TEST_GOTO_ERR(ctx, r, "Failed to copy GOSTR public key parameters");
+ }
memcpy(key.u.gostr3410.xy.data, keyargs->key.u.gostr3410.xy.data, keyargs->key.u.gostr3410.xy.len);
keybits = SC_PKCS15_GOSTR3410_KEYSIZE;
type = SC_PKCS15_TYPE_PUBKEY_GOSTR3410;
@@ -1912,14 +1916,15 @@ sc_pkcs15init_store_public_key(struct sc_pkcs15_card *p15card, struct sc_profile
type = SC_PKCS15_TYPE_PUBKEY_EC;
r = sc_copy_ec_params(&key.u.ec.params, &keyargs->key.u.ec.params);
- LOG_TEST_RET(ctx, r, "Failed to copy EC public key parameters");
+ LOG_TEST_GOTO_ERR(ctx, r, "Failed to copy EC public key parameters");
r = sc_pkcs15_fix_ec_parameters(ctx, &key.u.ec.params);
LOG_TEST_GOTO_ERR(ctx, r, "Failed to fix EC public key parameters");
keybits = key.u.ec.params.field_length;
break;
default:
- LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Unsupported key algorithm.");
+ r = SC_ERROR_NOT_SUPPORTED;
+ LOG_TEST_GOTO_ERR(ctx, r, "Unsupported key algorithm.");
}
if ((usage = keyargs->usage) == 0) {
@@ -1933,8 +1938,10 @@ sc_pkcs15init_store_public_key(struct sc_pkcs15_card *p15card, struct sc_profile
/* Set up the pkcs15 object. */
object = sc_pkcs15init_new_object(type, label, &keyargs->auth_id, NULL);
- if (object == NULL)
- LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate new public key object");
+ if (object == NULL) {
+ r = SC_ERROR_OUT_OF_MEMORY;
+ LOG_TEST_GOTO_ERR(ctx, r, "Cannot allocate new public key object");
+ }
key_info = (struct sc_pkcs15_pubkey_info *) object->data;
key_info->usage = usage;
--
2.44.0
Reference in New Issue View Git Blame Copy Permalink