opensc: patch CVE-2025-49010

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49010

Backport the patch referenced by the OpenSC wiki page [1] that the NVD entry links to.

[1] https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Ankur Tyagi
2026-04-27 01:03:48 +12:00
committed by Anuj Mittal
parent 22a2ae9646
commit 886f7d221a
2 changed files with 73 additions and 0 deletions
@@ -0,0 +1,72 @@
From fd4c54b4571b2e1593a8331906b5f0ca2aa39283 Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Thu, 22 May 2025 00:24:32 +0200
Subject: [PATCH] fixed Stack-buffer-overflow WRITE in GET RESPONSE
The do-while loop in apdu.c requires the output data to be set in any
case, otherwise non existent data may be copied to the output data.
fixes https://issues.oss-fuzz.com/issues/416351800
fixes https://issues.oss-fuzz.com/issues/416295951
(cherry picked from commit 953986f65db61871bbbff72788d861d67d5140c6)
CVE: CVE-2025-49010
Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/953986f65db61871bbbff72788d861d67d5140c6]
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
src/libopensc/card-nqApplet.c | 11 ++++++-----
src/libopensc/iso7816.c | 5 +++--
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/libopensc/card-nqApplet.c b/src/libopensc/card-nqApplet.c
index f9075b948..90706f4b1 100644
--- a/src/libopensc/card-nqApplet.c
+++ b/src/libopensc/card-nqApplet.c
@@ -190,9 +190,10 @@ static int nqapplet_finish(struct sc_card *card)
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
-static int nqapplet_get_response(struct sc_card *card, size_t *cb_resp, u8 *resp)
+static int
+nqapplet_get_response(struct sc_card *card, size_t *cb_resp, u8 *resp)
{
- struct sc_apdu apdu;
+ struct sc_apdu apdu = {0};
int rv;
size_t resplen;
@@ -204,12 +205,12 @@ static int nqapplet_get_response(struct sc_card *card, size_t *cb_resp, u8 *resp
rv = sc_transmit_apdu(card, &apdu);
LOG_TEST_RET(card->ctx, rv, "APDU transmit failed");
- if (apdu.resplen == 0) {
- LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
- }
*cb_resp = apdu.resplen;
+ if (apdu.resplen == 0) {
+ LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
+ }
if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) {
rv = SC_SUCCESS;
} else if (apdu.sw1 == 0x61) {
diff --git a/src/libopensc/iso7816.c b/src/libopensc/iso7816.c
index 2fea84078..dc2f03c00 100644
--- a/src/libopensc/iso7816.c
+++ b/src/libopensc/iso7816.c
@@ -920,11 +920,12 @@ iso7816_get_response(struct sc_card *card, size_t *count, u8 *buf)
r = sc_transmit_apdu(card, &apdu);
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
- if (apdu.resplen == 0)
- LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
*count = apdu.resplen;
+ if (apdu.resplen == 0) {
+ LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
+ }
if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)
r = 0; /* no more data to read */
else if (apdu.sw1 == 0x61)
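Review bot: The transmit-failure return (`LOG_TEST_RET(card->ctx, rv, "APDU transmit failed")` in nqapplet_get_response, and the matching line in iso7816_get_response) still exits before `*cb_resp` / `*count` is written, so the length is only set once the APDU has gone through. The patch description says the do-while loop in apdu.c needs the length set in any case; that caller is not visible here, so it is worth confirming that it ignores the length whenever the return value is negative. Because the fix consists of statement order alone, a comment above each assignment would keep a later cleanup from undoing it, for example `/* set the length before any early return: per the fix description, the GET RESPONSE loop in apdu.c relies on it */`. Both functions start and end outside these hunks, and since this is a verbatim backport the comment is better proposed upstream than carried as a local change.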
@@ -17,6 +17,7 @@ SRC_URI = "git://github.com/OpenSC/OpenSC;branch=stable-0.25;protocol=https \
file://0001-PR-Fixes-for-uninitialized-memory-issues.patch \
file://CVE-2024-8443-0001.patch \
file://CVE-2024-8443-0002.patch \
file://CVE-2025-49010.patch \
"
DEPENDS = "virtual/libiconv openssl"