-rw-r--r--CVE-2020-26570.patch33
-rw-r--r--community/opensc/APKBUILD14
-rw-r--r--community/opensc/CVE-2020-26570.patch33
-rw-r--r--community/opensc/CVE-2020-26571.patch44
-rw-r--r--community/opensc/CVE-2020-26572.patch23
5 files changed, 145 insertions, 2 deletions
diff --git a/CVE-2020-26570.patch b/CVE-2020-26570.patch
new file mode 100644
index 00000000000..c345cab3a28
--- /dev/null
+++ b/CVE-2020-26570.patch
@@ -0,0 +1,33 @@
+From 6903aebfddc466d966c7b865fae34572bf3ed23e Mon Sep 17 00:00:00 2001
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Thu, 30 Jul 2020 02:21:17 +0200
+Subject: [PATCH] Heap-buffer-overflow WRITE
+
+fixes https://oss-fuzz.com/testcase-detail/5088104168554496
+---
+ src/libopensc/pkcs15-oberthur.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-oberthur.c b/src/libopensc/pkcs15-oberthur.c
+index a873aaa0dd..2fb32b8dba 100644
+--- a/src/libopensc/pkcs15-oberthur.c
++++ b/src/libopensc/pkcs15-oberthur.c
+@@ -271,11 +271,15 @@ sc_oberthur_read_file(struct sc_pkcs15_card *p15card, const char *in_path,
+ rv = sc_read_binary(card, 0, *out, sz, 0);
+ }
+ else {
+- int rec;
+- int offs = 0;
+- int rec_len = file->record_length;
++ size_t rec;
++ size_t offs = 0;
++ size_t rec_len = file->record_length;
+
+ for (rec = 1; ; rec++) {
++ if (rec > file->record_count) {
++ rv = 0;
++ break;
++ }
+ rv = sc_read_record(card, rec, *out + offs + 2, rec_len, SC_RECORD_BY_REC_NR);
+ if (rv == SC_ERROR_RECORD_NOT_FOUND) {
+ rv = 0;
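Review bot: This root-level `CVE-2020-26570.patch` looks like an accidental duplicate of `community/opensc/CVE-2020-26570.patch`, which is added later in the same commit with the same blob id (`c345cab3a28`) and the same 33 lines. The APKBUILD `source=` entry is a bare filename, which abuild resolves next to the APKBUILD, so the root copy is presumably never used by the build. Dropping it from the commit avoids leaving an unreferenced security patch in the tree that could later drift from the packaged one.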
diff --git a/community/opensc/APKBUILD b/community/opensc/APKBUILD
index b89b13fbcb5..01594c96ff6 100644
--- a/community/opensc/APKBUILD
+++ b/community/opensc/APKBUILD
@@ -3,7 +3,7 @@
pkgname=opensc
_realname=OpenSC
pkgver=0.20.0
-pkgrel=1
+pkgrel=2
pkgdesc="Open source smart card tools and middleware"
url="https://github.com/OpenSC/OpenSC"
arch="all"
@@ -13,11 +13,18 @@ depends_dev="zlib-dev pcsc-lite-dev openssl-dev readline-dev"
makedepends="$depends_dev automake autoconf m4 gettext libtool"
subpackages="$pkgname-dev $pkgname-doc $pkgname-bash-completion:bashcomp:noarch"
source="$_realname-$pkgver.tar.gz::https://github.com/OpenSC/OpenSC/archive/$pkgver.tar.gz
+ CVE-2020-26570.patch
+ CVE-2020-26571.patch
+ CVE-2020-26572.patch
"
builddir="$srcdir/$_realname-$pkgver"
# secfixes:
+# 0.20.0-r2:
+# - CVE-2020-26570
+# - CVE-2020-26571
+# - CVE-2020-26572
# 0.20.0-r0:
# - CVE-2019-6502
# - CVE-2019-15945
@@ -79,4 +86,7 @@ bashcomp() {
amove usr/share/bash-completion/completions
}
-sha512sums="1360ee35f579cbeecf368777bb60d6c23ec2a80a2983328ea2c193530cc9b101a807ff1e2982ad34bfcc2bae2c867feecf300b6229d15057e796bd31ecffb02d OpenSC-0.20.0.tar.gz"
+sha512sums="1360ee35f579cbeecf368777bb60d6c23ec2a80a2983328ea2c193530cc9b101a807ff1e2982ad34bfcc2bae2c867feecf300b6229d15057e796bd31ecffb02d OpenSC-0.20.0.tar.gz
+e5d3aa047459986bbdefcb436ada8079345fa5f5d4498062f8cd1c1af9c769b56e7b1a79f792aa85e767b21d802815ec52fff5093540ac928da203c634b01996 CVE-2020-26570.patch
+aa822cddb8526d4ed9a124f5b5854688e82f1101c8a2ac05b33784f43f0c79fdc0f0772bc89ced066bfe700ad674209e0cec9707e9af326c028b8021d321ea1b CVE-2020-26571.patch
+0e71e69396123578def598cdb9f359000e15bf4d9cfeca0df50808d31bbeee8ecd458333fb8734a7569112c5559ca2d4bdb740cef9360a8bcba3be3650bd32bf CVE-2020-26572.patch"
diff --git a/community/opensc/CVE-2020-26570.patch b/community/opensc/CVE-2020-26570.patch
new file mode 100644
index 00000000000..c345cab3a28
--- /dev/null
+++ b/community/opensc/CVE-2020-26570.patch
@@ -0,0 +1,33 @@
+From 6903aebfddc466d966c7b865fae34572bf3ed23e Mon Sep 17 00:00:00 2001
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Thu, 30 Jul 2020 02:21:17 +0200
+Subject: [PATCH] Heap-buffer-overflow WRITE
+
+fixes https://oss-fuzz.com/testcase-detail/5088104168554496
+---
+ src/libopensc/pkcs15-oberthur.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-oberthur.c b/src/libopensc/pkcs15-oberthur.c
+index a873aaa0dd..2fb32b8dba 100644
+--- a/src/libopensc/pkcs15-oberthur.c
++++ b/src/libopensc/pkcs15-oberthur.c
+@@ -271,11 +271,15 @@ sc_oberthur_read_file(struct sc_pkcs15_card *p15card, const char *in_path,
+ rv = sc_read_binary(card, 0, *out, sz, 0);
+ }
+ else {
+- int rec;
+- int offs = 0;
+- int rec_len = file->record_length;
++ size_t rec;
++ size_t offs = 0;
++ size_t rec_len = file->record_length;
+
+ for (rec = 1; ; rec++) {
++ if (rec > file->record_count) {
++ rv = 0;
++ break;
++ }
+ rv = sc_read_record(card, rec, *out + offs + 2, rec_len, SC_RECORD_BY_REC_NR);
+ if (rv == SC_ERROR_RECORD_NOT_FOUND) {
+ rv = 0;
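Review bot: The new `rec > file->record_count` guard at the top of the loop has no comment saying which invariant it protects, and the allocation of `*out` is outside this hunk. If the buffer is sized from `record_count` and `record_length` (not visible here), a line such as `/* *out holds at most record_count records; do not rely on the card answering RECORD_NOT_FOUND */` above the `if` would record why the loop must not depend on the card's reply alone. The rest of the loop body, including how `offs` advances, continues past the end of the hunk, so the `size_t` conversion cannot be checked against it from here. The same remark applies to the identical hunk in the root-level copy of this patch.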
diff --git a/community/opensc/CVE-2020-26571.patch b/community/opensc/CVE-2020-26571.patch
new file mode 100644
index 00000000000..ef597435aac
--- /dev/null
+++ b/community/opensc/CVE-2020-26571.patch
@@ -0,0 +1,44 @@
+From ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43 Mon Sep 17 00:00:00 2001
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Mon, 18 May 2020 17:25:32 +0200
+Subject: [PATCH] fixed invalid read
+
+fixes https://oss-fuzz.com/testcase-detail/5765246676631552
+---
+ src/libopensc/pkcs15-gemsafeGPK.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-gemsafeGPK.c b/src/libopensc/pkcs15-gemsafeGPK.c
+index e13f3b8798..4b80daf2a1 100644
+--- a/src/libopensc/pkcs15-gemsafeGPK.c
++++ b/src/libopensc/pkcs15-gemsafeGPK.c
+@@ -205,7 +205,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
+
+ u8 sysrec[7];
+ int num_keyinfo = 0;
+- keyinfo kinfo[8]; /* will loook for 8 keys */
++ keyinfo kinfo[9]; /* will look for 9 keys */
+ u8 modulus_buf[ 1 + 1024 / 8]; /* tag+modulus */
+ u8 *cp;
+ char buf[256];
+@@ -255,9 +255,9 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
+
+ /* There may be more then one key in the directory. */
+ /* we need to find them so we can associate them with the */
+- /* the certificate. The files are 0007 to 000f */
++ /* the certificate. The files are 0007 to 000F */
+
+- for (i = 7; i < 16; i++) {
++ for (i = 0x7; i <= 0xF; i++) {
+ path.value[0] = 0x00;
+ path.value[1] = i;
+ path.len = 2;
+@@ -297,7 +297,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
+ while (j--)
+ *cp++ = modulus_buf[j + 1];
+ num_keyinfo++;
+- }
++ }
+
+ /* Get the gemsafe data with the cert */
+ sc_format_path("3F000200004", &path);
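Review bot: `kinfo[9]` and the loop bounds `0x7`..`0xF` are two independent literals that must stay in agreement, and a mismatch between them (8 slots against 9 candidate files) appears to be what this patch corrects. The place where `kinfo[num_keyinfo]` is filled lies between the visible hunks, so this is inferred. An explicit guard inside the loop, such as `if (num_keyinfo >= (int)(sizeof kinfo / sizeof kinfo[0])) break;`, would keep a later change to either literal from becoming an out-of-bounds access again. The third hunk only changes whitespace on a closing brace and could be left out of a security backport.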
diff --git a/community/opensc/CVE-2020-26572.patch b/community/opensc/CVE-2020-26572.patch
new file mode 100644
index 00000000000..0c73a1f23a5
--- /dev/null
+++ b/community/opensc/CVE-2020-26572.patch
@@ -0,0 +1,23 @@
+From 9d294de90d1cc66956389856e60b6944b27b4817 Mon Sep 17 00:00:00 2001
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Thu, 4 Jun 2020 10:04:10 +0200
+Subject: [PATCH] prevent out of bounds write
+
+fixes https://oss-fuzz.com/testcase-detail/5226571123392512
+---
+ src/libopensc/card-tcos.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c
+index 673c2493dd..e88c80bd79 100644
+--- a/src/libopensc/card-tcos.c
++++ b/src/libopensc/card-tcos.c
+@@ -623,6 +623,8 @@ static int tcos_decipher(sc_card_t *card, const u8 * crgram, size_t crgram_len,
+ apdu.data = sbuf;
+ apdu.lc = apdu.datalen = crgram_len+1;
+ sbuf[0] = tcos3 ? 0x00 : ((data->pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) ? 0x81 : 0x02);
++ if (sizeof sbuf - 1 < crgram_len)
++ return SC_ERROR_INVALID_ARGUMENTS;
+ memcpy(sbuf+1, crgram, crgram_len);
+
+ r = sc_transmit_apdu(card, &apdu);
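Review bot: The length check is placed after `apdu.lc = apdu.datalen = crgram_len+1;` and the write to `sbuf[0]`, so the APDU fields are filled from a length that has not been validated yet. It is harmless as written because the function returns before `memcpy`, but moving `if (sizeof sbuf - 1 < crgram_len) return SC_ERROR_INVALID_ARGUMENTS;` ahead of the `apdu` setup would make validate-before-use obvious and would not rely on `crgram_len+1` not wrapping. The comparison form is sound, since subtracting from `sizeof sbuf` cannot overflow. `tcos_decipher` starts and ends outside the hunk, so whether a bare `return` skips the function's usual exit path cannot be seen here.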