-
Notifications
You must be signed in to change notification settings - Fork 614
Expand file tree
/
Copy pathCVE-2025-66037.patch
More file actions
35 lines (29 loc) · 1.25 KB
/
CVE-2025-66037.patch
File metadata and controls
35 lines (29 loc) · 1.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
From 2b87a8d6c6164799b21a9dc014359346d39180b1 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 25 Nov 2025 15:58:02 +0100
Subject: [PATCH] pkcs15: Avoid buffer overrun on invalid data
Invalid data can contain zero-length buffer, which after copying
was dereferenced without length check
Credit: Aldo Ristori
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Upstream-reference: https://github.com/OpenSC/OpenSC/commit/65fc211015cfcac27b10d0876054156c97225f50.patch
---
src/libopensc/pkcs15-pubkey.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/libopensc/pkcs15-pubkey.c b/src/libopensc/pkcs15-pubkey.c
index bc5fa45..4ccb8ad 100644
--- a/src/libopensc/pkcs15-pubkey.c
+++ b/src/libopensc/pkcs15-pubkey.c
@@ -1327,6 +1327,10 @@ sc_pkcs15_pubkey_from_spki_fields(struct sc_context *ctx, struct sc_pkcs15_pubke
"sc_pkcs15_pubkey_from_spki_fields() called: %p:%"SC_FORMAT_LEN_SIZE_T"u\n%s",
buf, buflen, sc_dump_hex(buf, buflen));
+ if (buflen < 1) {
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "subjectPublicKeyInfo can not be empty");
+ }
+
tmp_buf = malloc(buflen);
if (!tmp_buf) {
r = SC_ERROR_OUT_OF_MEMORY;
--
2.45.4