Menu
▾
▴
[Opensc-commits] [OpenSC/OpenSC] ab568f: iasecc: Properly set resplen when emulating fcp (1)
|
From: Jakub J. <no...@gi...> - 2025-12-08 12:20:51
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: ab568f0a420931d5372bc8657f4024ca6d0e3285 https://github.com/OpenSC/OpenSC/commit/ab568f0a420931d5372bc8657f4024ca6d0e3285 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/card-iasecc.c Log Message: ----------- iasecc: Properly set resplen when emulating fcp (1) Previously, this could lead to use uninitialized memory as the caller would handle the returned apdu buffer as longer than it actually is. Thanks Matteo Marini for the report! Signed-off-by: Jakub Jelen <jj...@re...> Commit: f29e937aa77ad000cd65cc1806972203bd3b0f43 https://github.com/OpenSC/OpenSC/commit/f29e937aa77ad000cd65cc1806972203bd3b0f43 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/pkcs15init/pkcs15-entersafe.c Log Message: ----------- entersafe: Avoid using uninitialized memory (2) Initialize the variable to prevent accessing uninitialized members when they are encoded into the APDU. Thanks Matteo Marini for the report! Signed-off-by: Jakub Jelen <jj...@re...> Commit: 7e3dcae1d14e898dfed00ce8aa1d1bfeaee7c936 https://github.com/OpenSC/OpenSC/commit/7e3dcae1d14e898dfed00ce8aa1d1bfeaee7c936 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/pkcs15-atrust-acos.c M src/libopensc/pkcs15-starcert.c Log Message: ----------- starcert: Avoid using uninitialized values (3) Previously, the read could return small response, which would result in accessin uninitialized parts of the buffer. Thanks Matteo Marini for the report! Signed-off-by: Jakub Jelen <jj...@re...> Commit: a998551ca19f2bd0e664c59d415675c062e3920b https://github.com/OpenSC/OpenSC/commit/a998551ca19f2bd0e664c59d415675c062e3920b Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/pkcs15init/pkcs15-oberthur.c Log Message: ----------- oberthur: Avoid using uninitialized value (4) The mismatch between the requested pubkey length and returned pubkey could result in using uninitialized memory when the card would return smaller modulus. Thanks Matteo Marini for the report! Signed-off-by: Jakub Jelen <jj...@re...> Commit: c1d3ebb130f909eff2aef1924f28f3d4c04786a6 https://github.com/OpenSC/OpenSC/commit/c1d3ebb130f909eff2aef1924f28f3d4c04786a6 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/pkcs15init/profile.c Log Message: ----------- profile: Avoid using uninitialized memory (5) Previously, the get_inner_word() could fail, leaving the second argument uninitialized when the macro name was too long. By checking the return value, we should catch this error and avoid using uninitialized memory. Rest is fixing typos and rewriting for more clarity. Thanks Matteo Marini for the report! Signed-off-by: Jakub Jelen <jj...@re...> Commit: 7aafe6f8c4a962d8ee9208a62272b6b38d6db9f6 https://github.com/OpenSC/OpenSC/commit/7aafe6f8c4a962d8ee9208a62272b6b38d6db9f6 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/iasecc-sdo.c Log Message: ----------- iasecc: Avoid using uninitialized memory (6) The parsed length from data did not take into the account the buffer bounds, which could result in accessing uninitialized memory. This change verifies the parsed size fits into the allocated buffer and following checks make sure we do not go behind the initialized buffer bounds. Thanks Matteo Marini for the report! Signed-off-by: Jakub Jelen <jj...@re...> Commit: 267111f2e3b766e5ad985105cd1a3416d569ff89 https://github.com/OpenSC/OpenSC/commit/267111f2e3b766e5ad985105cd1a3416d569ff89 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/card-gemsafeV1.c Log Message: ----------- gemsafeV1: Avoid use of uninitialized memory (fuzz_pkcs15_crypt/1) Signed-off-by: Jakub Jelen <jj...@re...> Commit: 263d29e2f8baf33f329849c82ba9c08ec45f1ad7 https://github.com/OpenSC/OpenSC/commit/263d29e2f8baf33f329849c82ba9c08ec45f1ad7 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/pkcs15-tcos.c Log Message: ----------- tcos: Fix use of uninitialized value (fuzz_pkcs15_crypt/2) Signed-off-by: Jakub Jelen <jj...@re...> Commit: 7000dee0eb7d35246b5e180b39bb4e03b11f1c47 https://github.com/OpenSC/OpenSC/commit/7000dee0eb7d35246b5e180b39bb4e03b11f1c47 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-pubkey: Avoid accessing behind buffer bounds (fuzz_pkcs15_crypt/3) Signed-off-by: Jakub Jelen <jj...@re...> Commit: 29122ae779fa8ecb201b0c0b3bdad058b9540262 https://github.com/OpenSC/OpenSC/commit/29122ae779fa8ecb201b0c0b3bdad058b9540262 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/pkcs15-openpgp.c Log Message: ----------- openpgp: Avoid using uninitialized data in the OID (fuzz_pkcs15_crypt/5) Signed-off-by: Jakub Jelen <jj...@re...> Commit: 5b0cda30e8226c41c69735f95234d98eda1be550 https://github.com/OpenSC/OpenSC/commit/5b0cda30e8226c41c69735f95234d98eda1be550 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/card-cac.c Log Message: ----------- cac: Avoid using of uninitialized memory (fuzz_pkcs15_crypt/6) Signed-off-by: Jakub Jelen <jj...@re...> Commit: 61985ce021b386b11a29eb4d27c6a7ae00e8e2a6 https://github.com/OpenSC/OpenSC/commit/61985ce021b386b11a29eb4d27c6a7ae00e8e2a6 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/card-cac.c Log Message: ----------- cac: Avoid using uninitialized memory (fuzz_pkcs15_crypt/9) Signed-off-by: Jakub Jelen <jj...@re...> Commit: bd8687b40f6948278ec115aa7a19ee7274760ce0 https://github.com/OpenSC/OpenSC/commit/bd8687b40f6948278ec115aa7a19ee7274760ce0 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/card-esteid2018.c Log Message: ----------- esteid218: Avoid buffer overrun (fuzz_pkcs15_decode/1) Signed-off-by: Jakub Jelen <jj...@re...> Commit: a89dff3271da2eccd834553a4c0dfb7c543657c5 https://github.com/OpenSC/OpenSC/commit/a89dff3271da2eccd834553a4c0dfb7c543657c5 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/iasecc-sdo.c Log Message: ----------- iasecc: Fix the length check to avoid usage of uninitialized memory (fuzz_pkcs15_encode/6) Signed-off-by: Jakub Jelen <jj...@re...> Commit: 40fbddc46e026618b6a3d0a03e62adc1fb5ca956 https://github.com/OpenSC/OpenSC/commit/40fbddc46e026618b6a3d0a03e62adc1fb5ca956 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/pkcs15-coolkey.c Log Message: ----------- coolkey: Avoid zero-lenght allocations and access of uninitialized memory (fuzz_pkcs15_reader/4) Commit: dc4a1f2617867eb3b2c170ec51dd2bbae0212480 https://github.com/OpenSC/OpenSC/commit/dc4a1f2617867eb3b2c170ec51dd2bbae0212480 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/card-authentic.c Log Message: ----------- authentic: Avoid buffer overrun (fuzz_pkcs15_reader/6) Commit: 6bee48e00e5f869fefee124dafd620c7ff5ba558 https://github.com/OpenSC/OpenSC/commit/6bee48e00e5f869fefee124dafd620c7ff5ba558 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/card-cac.c Log Message: ----------- cac: Improve logging Signed-off-by: Jakub Jelen <jj...@re...> Commit: 35b2f54212db0d6adcc337e456ddc728eeabd044 https://github.com/OpenSC/OpenSC/commit/35b2f54212db0d6adcc337e456ddc728eeabd044 Author: Jakub Jelen <jj...@re...> Date: 2025-12-08 (Mon, 08 Dec 2025) Changed paths: M src/libopensc/card-cac.c Log Message: ----------- cac: Fix possible use of uninitialized memory (fuzz_pkcs15_crypt/4) Signed-off-by: Jakub Jelen <jj...@re...> Compare: https://github.com/OpenSC/OpenSC/compare/767c340a489f...35b2f54212db To unsubscribe from these emails, change your notification settings at https://github.com/OpenSC/OpenSC/settings/notifications |
