mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
a02592adda
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66037 Backport the patch referenced by the wiki[1] mentioned in the nvd. [1] https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
36 lines
1.3 KiB
Diff
36 lines
1.3 KiB
Diff
From b1a6f86298af7dfbaa1110b86662a9d1393a7678 Mon Sep 17 00:00:00 2001
|
|
From: Jakub Jelen <jjelen@redhat.com>
|
|
Date: Tue, 25 Nov 2025 15:58:02 +0100
|
|
Subject: [PATCH] pkcs15: Avoid buffer overrun on invalid data
|
|
|
|
Invalid data can contain zero-length buffer, which after copying
|
|
was dereferenced without length check
|
|
|
|
Credit: Aldo Ristori
|
|
|
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
(cherry picked from commit 65fc211015cfcac27b10d0876054156c97225f50)
|
|
|
|
CVE: CVE-2025-66037
|
|
Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/65fc211015cfcac27b10d0876054156c97225f50]
|
|
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
|
|
---
|
|
src/libopensc/pkcs15-pubkey.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/src/libopensc/pkcs15-pubkey.c b/src/libopensc/pkcs15-pubkey.c
|
|
index a759efa45..48fb08cac 100644
|
|
--- a/src/libopensc/pkcs15-pubkey.c
|
|
+++ b/src/libopensc/pkcs15-pubkey.c
|
|
@@ -1328,6 +1328,10 @@ sc_pkcs15_pubkey_from_spki_fields(struct sc_context *ctx, struct sc_pkcs15_pubke
|
|
"sc_pkcs15_pubkey_from_spki_fields() called: %p:%"SC_FORMAT_LEN_SIZE_T"u\n%s",
|
|
buf, buflen, sc_dump_hex(buf, buflen));
|
|
|
|
+ if (buflen < 1) {
|
|
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "subjectPublicKeyInfo can not be empty");
|
|
+ }
|
|
+
|
|
tmp_buf = malloc(buflen);
|
|
if (!tmp_buf) {
|
|
r = SC_ERROR_OUT_OF_MEMORY;
|