From: Veronika H. <no...@gi...> - 2024-09-11 06:44:26
  Branch: refs/heads/master
  Home:   https://github.com/OpenSC/OpenSC

  Commit: 76115e34799906a64202df952a8a9915d30bc89d
      https://github.com/OpenSC/OpenSC/commit/76115e34799906a64202df952a8a9915d30bc89d
  Author: Jakub Jelen <jj...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-gids.c

  Log Message:
  -----------
  gids: Avoid using uninitialized memory

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h5f7-rjr5-vx54

  Signed-off-by: Jakub Jelen <jj...@re...>


  Commit: bde991b0fe4f0250243b0e4960978b1043c13b03
      https://github.com/OpenSC/OpenSC/commit/bde991b0fe4f0250243b0e4960978b1043c13b03
  Author: Jakub Jelen <jj...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/pkcs15init/profile.c

  Log Message:
  -----------
  pkcs15init: Avoid using uninitialized memory

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h5f7-rjr5-vx54

  Signed-off-by: Jakub Jelen <jj...@re...>


  Commit: 7b37d120169bb771b6e5dae79839d35c302e9df1
      https://github.com/OpenSC/OpenSC/commit/7b37d120169bb771b6e5dae79839d35c302e9df1
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/pkcs15init/profile.c

  Log Message:
  -----------
  pkcs15init: Remove tab indentation


  Commit: e7177c7ca00200afea820d155dca67f38b232967
      https://github.com/OpenSC/OpenSC/commit/e7177c7ca00200afea820d155dca67f38b232967
  Author: Jakub Jelen <jj...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-cac1.c

  Log Message:
  -----------
  cac: Correctly calculate certificate length based on the resplen

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h5f7-rjr5-vx54

  Signed-off-by: Jakub Jelen <jj...@re...>


  Commit: 5e4f26b510b04624386c54816bf26aacea0fe4a1
      https://github.com/OpenSC/OpenSC/commit/5e4f26b510b04624386c54816bf26aacea0fe4a1
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-cac.c

  Log Message:
  -----------
  cac: Fix uninitialized values

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_card/1,fuzz_pkcs11/6


  Commit: 1d3b410e06d33cfc4c70e8a25386e456cfbd7bd1
      https://github.com/OpenSC/OpenSC/commit/1d3b410e06d33cfc4c70e8a25386e456cfbd7bd1
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-cardos.c

  Log Message:
  -----------
  cardos: Fix uninitialized values

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_card/2


  Commit: cccdfc46b10184d1eea62d07fe2b06240b7fafbc
      https://github.com/OpenSC/OpenSC/commit/cccdfc46b10184d1eea62d07fe2b06240b7fafbc
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/asn1.c
    M src/libopensc/card-dnie.c

  Log Message:
  -----------
  card-dnie: Check APDU response length and ASN1 lengths

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15_decode/10, fuzz_pkcs15_encode/12


  Commit: 5fa758767e517779fc5398b6b4faedc4e36d3de5
      https://github.com/OpenSC/OpenSC/commit/5fa758767e517779fc5398b6b4faedc4e36d3de5
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/muscle.c

  Log Message:
  -----------
  muscle: Report invalid SW when reading object

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs11/20, fuzz_pkcs15init/10


  Commit: 3562969c90a71b0bcce979f0e6d627546073a7fc
      https://github.com/OpenSC/OpenSC/commit/3562969c90a71b0bcce979f0e6d627546073a7fc
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-mcrd.c

  Log Message:
  -----------
  card-mcrd: Check length of response buffer in select

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs11/5,12 fuzz_pkcs15_crypt/9


  Commit: bb3dedb71e59bd17f96fd4e807250a5cf2253cb7
      https://github.com/OpenSC/OpenSC/commit/bb3dedb71e59bd17f96fd4e807250a5cf2253cb7
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/pkcs15-cert.c

  Log Message:
  -----------
  pkcs15-cert.c: Initialize OID length

  In case it is not set later.

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs11/7


  Commit: 16ada9dc7cddf1cb99516aea67b6752c251c94a2
      https://github.com/OpenSC/OpenSC/commit/16ada9dc7cddf1cb99516aea67b6752c251c94a2
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-gids.c

  Log Message:
  -----------
  card-gids: Use actual length of response buffer

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs11/11


  Commit: fdb9e903eb124b6b18a5a9350a26eceb775585bc
      https://github.com/OpenSC/OpenSC/commit/fdb9e903eb124b6b18a5a9350a26eceb775585bc
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-cac.c

  Log Message:
  -----------
  cac: Check return value when selecting AID

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs11/14


  Commit: f01bfbd19b9c8243a40f7f17d554fe0eb9e89d0d
      https://github.com/OpenSC/OpenSC/commit/f01bfbd19b9c8243a40f7f17d554fe0eb9e89d0d
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/pkcs15-tcos.c

  Log Message:
  -----------
  pkcs15-tcos: Check number of read bytes for cert

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs11/15


  Commit: 21d869b77792b6f189eebf373e399747177d99e2
      https://github.com/OpenSC/OpenSC/commit/21d869b77792b6f189eebf373e399747177d99e2
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-cardos.c

  Log Message:
  -----------
  cardos: Return error when response length is 0

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs11/18


  Commit: 7d68a7f442e38e16625270a0fdc6942c9e9437e6
      https://github.com/OpenSC/OpenSC/commit/7d68a7f442e38e16625270a0fdc6942c9e9437e6
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-piv.c

  Log Message:
  -----------
  card-piv: Initialize variables for tag and CLA

  In case they are not initialized later by
  sc_asn1_read_tag() function.

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs11/21


  Commit: 42d718dfccd2a10f6d26705b8c991815c855fa3b
      https://github.com/OpenSC/OpenSC/commit/42d718dfccd2a10f6d26705b8c991815c855fa3b
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/pkcs15-sc-hsm.c

  Log Message:
  -----------
  pkcs15-sc-hsm: Initialize variables for tag and CLA

  In case they are not initialized later by
  sc_asn1_read_tag() function.

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15_crypt/12


  Commit: 673065630bf4aaf03c370fc791ef6a6239431214
      https://github.com/OpenSC/OpenSC/commit/673065630bf4aaf03c370fc791ef6a6239431214
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/pkcs15-gemsafeV1.c

  Log Message:
  -----------
  pkcs15-gemsafeV1: Check length of buffer for object

  Number of actually read bytes may differ from
  the stated object length.

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15_crypt/15


  Commit: efbc14ffa190e3e0ceecceb479024bb778b0ab68
      https://github.com/OpenSC/OpenSC/commit/efbc14ffa190e3e0ceecceb479024bb778b0ab68
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-jpki.c

  Log Message:
  -----------
  card-jpki: Check number of read bytes

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15_encode/18


  Commit: 8632ec172beda894581d67eaa991e519a7874f7d
      https://github.com/OpenSC/OpenSC/commit/8632ec172beda894581d67eaa991e519a7874f7d
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/pkcs15-tcos.c

  Log Message:
  -----------
  pkcs15-tcos: Check return value of serial num conversion

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15_encode/21


  Commit: a1d8c01c1cabd115dda8c298941d1786fb4c5c2f
      https://github.com/OpenSC/OpenSC/commit/a1d8c01c1cabd115dda8c298941d1786fb4c5c2f
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/pkcs15-tcos.c

  Log Message:
  -----------
  pkcs15-tcos: Check certificate length before accessing

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15_encode/8


  Commit: f9d68660f032ad4d7803431d5fc7577ea8792ac3
      https://github.com/OpenSC/OpenSC/commit/f9d68660f032ad4d7803431d5fc7577ea8792ac3
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/pkcs15init/pkcs15-lib.c

  Log Message:
  -----------
  pkcs15-lib: Report transport key error

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15init/17, fuzz_pkcs15init/18


  Commit: a1bcc6516f43d570899820d259b71c53f8049168
      https://github.com/OpenSC/OpenSC/commit/a1bcc6516f43d570899820d259b71c53f8049168
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/pkcs15init/pkcs15-starcos.c

  Log Message:
  -----------
  pkcs15-starcos: Check length of file to be non-zero

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15init/20


  Commit: 6baa19596598169d652659863470a60c5ed79ecd
      https://github.com/OpenSC/OpenSC/commit/6baa19596598169d652659863470a60c5ed79ecd
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/iasecc-sdo.c

  Log Message:
  -----------
  iasecc-sdo: Check length of data before dereferencing

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15init/21


  Commit: ef7b10a18e6a4d4f03f0c47ea81aa8136f3eca60
      https://github.com/OpenSC/OpenSC/commit/ef7b10a18e6a4d4f03f0c47ea81aa8136f3eca60
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-oberthur.c

  Log Message:
  -----------
  card-oberthur: Check length of serial number

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs11/1, fuzz_pkcs15init/2


  Commit: e20ca25204c9c5e36f53ae92ddf017cd17d07e31
      https://github.com/OpenSC/OpenSC/commit/e20ca25204c9c5e36f53ae92ddf017cd17d07e31
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/pkcs15init/pkcs15-setcos.c

  Log Message:
  -----------
  pkcs15-setcos: Check length of generated key

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15init/26


  Commit: 468a314d76b26f724a551f2eb339dd17c856cf18
      https://github.com/OpenSC/OpenSC/commit/468a314d76b26f724a551f2eb339dd17c856cf18
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/iasecc-sdo.c

  Log Message:
  -----------
  iasecc-sdo: Check length of data when parsing

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15init/27,29


  Commit: 2b6cd52775b5448f6a993922a30c7a38d9626134
      https://github.com/OpenSC/OpenSC/commit/2b6cd52775b5448f6a993922a30c7a38d9626134
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/pkcs15init/pkcs15-sc-hsm.c

  Log Message:
  -----------
  pkcs15-sc-hsm: Properly check length of file list

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15init/8


  Commit: dd554a2e1e31e6cb75c627c653652696d61e8de8
      https://github.com/OpenSC/OpenSC/commit/dd554a2e1e31e6cb75c627c653652696d61e8de8
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-coolkey.c

  Log Message:
  -----------
  card-coolkey: Check length of buffer before conversion

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15_reader/3


  Commit: aa102cd9abe1b0eaf537d9dd926844a46060d8bc
      https://github.com/OpenSC/OpenSC/commit/aa102cd9abe1b0eaf537d9dd926844a46060d8bc
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-entersafe.c

  Log Message:
  -----------
  card-entersafe: Check length of serial number

  Thanks Matteo Marini for report
  https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8

  fuzz_pkcs15_reader/5


  Commit: 265b28344d036a462f38002d957a0636fda57614
      https://github.com/OpenSC/OpenSC/commit/265b28344d036a462f38002d957a0636fda57614
  Author: Veronika Hanulíková <vha...@re...>
  Date:   2024-09-11 (Wed, 11 Sep 2024)

  Changed paths:
    M src/libopensc/card-cardos.c

  Log Message:
  -----------
  card-cardos: Check length of APDU response


Compare: https://github.com/OpenSC/OpenSC/compare/0783c1c6c039...265b28344d03