From patchwork Thu Jan 16 13:45:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 55666 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B7EFC02183 for ; Thu, 16 Jan 2025 13:45:30 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web10.49031.1737035115114876043 for ; Thu, 16 Jan 2025 05:45:15 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=3111d49cac=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 50GD2q3S021049 for ; Thu, 16 Jan 2025 05:45:15 -0800 Received: from nam12-mw2-obe.outbound.protection.outlook.com (mail-mw2nam12lp2040.outbound.protection.outlook.com [104.47.66.40]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 443mt75e1q-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 16 Jan 2025 05:45:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=oR8/4DBe0BcSrYVbYEj2QOyjBdZfrBPHWD3OrtwqUrzwIeAyiSLSTnfzm28iKAvwRNlv9rJsLsCBmnPh1gaagm7m7hbWKbRHxHbcLvvtBV3BBt6o5KihRcrf0o05keDaPw4PF+9ocn92sNz5XqnhMMoHxH7As/53QZmgxH6XoaCPs9pVpIUFpu/J2OAjlg1aaIOuECHyUTC9I4LxPgTXWqxB0UFy7sr/no9/YTV1BfiEIezP13y+rHJM7IS1aov1LaiHjjv0Tpyo86v1CUL2Xv/+FGmZMNy0UZHGl7VCR0PRAOt5wai0NnPO7VFcY0aV+LtoLjUkjV8SXD6t1t3EIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dkSrl6++cQBCwkF65TolIb+sYAhhk1otaeN7plFWPg0=; b=yq4z9V04Tq8EX30NPLLztCiqhRU4EFwXJjB055/fxs8y6zBZXT4YR5SfE5lhsIUq5dRVaAUGuPWHXHfm6VPiAg42SyLolG2JndpAFHuVcqwkC3yIKIhf4gSAJv/Wzxd6ydV/eJ5hCQt40PNhzoxKmT0u1QOgVtEE4woRnZOiFMzO34t2i/02pIIy0BrXWa8Zmb5SNEbDiGMXENZSgD6W5EjWH9QQe0PAD1Ic/qESpS9gcik9iLmueF4xyrtIjPp4sRkNpMVJh0LVfaEDRBw6dxfyHBJgZF95i+FX2ac/7OaBRYkwQOm7VIMtlcfRLsJpxQODsA0QQl9ztyXHMp24VQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by DS0PR11MB7444.namprd11.prod.outlook.com (2603:10b6:8:146::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8335.12; Thu, 16 Jan 2025 13:45:12 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%7]) with mapi id 15.20.8356.010; Thu, 16 Jan 2025 13:45:12 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 2/2] opensc: fix CVE-2024-8443 Date: Thu, 16 Jan 2025 21:45:01 +0800 Message-Id: <20250116134501.348974-2-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250116134501.348974-1-peng.zhang1.cn@windriver.com> References: <20250116134501.348974-1-peng.zhang1.cn@windriver.com> X-ClientProxiedBy: TY2PR06CA0024.apcprd06.prod.outlook.com (2603:1096:404:42::36) To CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_|DS0PR11MB7444:EE_ X-MS-Office365-Filtering-Correlation-Id: e406b434-5c3f-450a-b697-08dd3633ffd3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|366016|376014|1800799024|38350700014; X-Microsoft-Antispam-Message-Info: =?utf-8?q?ZhGgLzxFkCe/RRO1yr04FnKWxqQnnVu?= =?utf-8?q?fou0Zku/IGkrpTSDEvjdLii9ll3xZNMc4zvCauNIGWfa8MsTmQclP4PIMuTsBwo1T?= =?utf-8?q?4U94Wa3DJg2H123j7VjEk1UYG7I49AU9D4QM0Q7W/aAABsjwZHTiN/ikPjvT1XoKH?= =?utf-8?q?PhzMFFy0SkDYNwt8TotprAENwYVRM2KjqmzJ9USOFA3FdZliuy2Dg3Dpk0vQz9xy3?= =?utf-8?q?u0IFrEmQfw2uAM7CjHbt7dg6Qb/64LehBQI1xpJcwzZ+k8u45yjbsd5qar91tonFI?= =?utf-8?q?zIBwISLzG/TCeT11Ac0YjUIBVQTjUyg1hSWpACxIRxaWDLwD5Y3w2j+3UmF1ED51S?= =?utf-8?q?pNv/ZwULJcF10XY4KJaybwrf0HxbeJjpw/aHJlYKP8wm36L22HqxK1tA1oURwwuni?= =?utf-8?q?A2wbsEr8Q4SUwVDlqlaty930qejXv/I8CxP7Fr6VgWtzh46ZVHGL9Im5GYyKnkIqo?= =?utf-8?q?mLpWb8HEfqrpJwKuD0XmCgQueHKMfxUUsZKkx+iDKc9f8lFmR4iAmfLct5QQR2e7f?= =?utf-8?q?04MH579eMfCJgETDHMkUrMgaLG60NJ1iYlC66dV4ipl/NHEsujiHWzLtdzcFuuoFI?= =?utf-8?q?GdWxZ8PK0X56Q609u9HA4aIFAkRM1qgtYcPDBhI+owLq7ecpWmTpVvEFOsG3JZEtP?= =?utf-8?q?cyF6cgl9bMu7yJ/14sAD3XGumP32k7Op1XiwxfBG2S3VOYFv9ItYI6Y3FSZ/OElJt?= =?utf-8?q?VSdjbiluMvU6+RKLJ9fDke92DSEp/cNse8cYxoehbzDgQs3SvHf6Y77CIb0RtBGTT?= =?utf-8?q?5OiYq5q4SD+Z7ZbGyEwYEyk0LqyZDz3U6PEabf+N9KNF6EoT23WC0f0Qo3X73mxEA?= =?utf-8?q?bIzsER3qE/tMVktZZXIOyEHQkVCBcrBr04C47k1hcLA28Li5+g3nRmyyusm+UbiIs?= =?utf-8?q?1eWWn2gtEm2VYRAj9PQlbKvmojkrBnIyZxzbhZhYEStoA6BgnfjuLFczRxw0d2Oni?= =?utf-8?q?VRbhW5AS9Hi4uAdWJiN9z45kJJjEZt+LGgxP8Ml7mB37981hVnvJBfHefKLfOq+ky?= =?utf-8?q?ncLRlfuuR8jfaXbhMyH3eGfC5jp8WGPWOcaC8mJqppPYN+0/3vZ7PDUAzNZpJQs81?= =?utf-8?q?0zb8saxx1mQ16OJ/oylw9yG5eTwnKUelE/kFAsctjUGrrVvCA5w/z9aB/10+pVqpa?= =?utf-8?q?HYSMLD/RoIR4MU6h7Rd9krZnGl1rvFb1MZKKb2i6AQ0Ly1kUqsKjZLmxxQCFZCQ8s?= =?utf-8?q?WONlqfXDFbCZ9f9K3qnBvSXBNwu8GGftAqkGzDPhFglyzRlcG0YmQ7E+b8fvXhngH?= =?utf-8?q?aNHO2ZH0hdOKrMW5tOXe3p69ab8HJehrQMQqg9GbS5U1J8q5F7kDJNroNpCAe868c?= =?utf-8?q?dDACPKNyb1aohV5rGsTS9sqxN2/6YKmNbA=3D=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(366016)(376014)(1800799024)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?lxEXh8mAOSggMyjdIENKjBt5+/D8?= =?utf-8?q?d7jyK4nMOGwcV+JZO22vxw9HwRN5Rm+ZI4RHz3ScVCee7uc5TbrHgyI2uFKf+wqid?= =?utf-8?q?8swexWlDONveI93eP/SUwfcVtB8r1qGqe6RS9xVMhZ8Z5qgEDpNUfX8JeCfslZATy?= =?utf-8?q?fw+KzqDS0IDBtOpylywswtqBOQvY61CPHqIgKCi1A3WtWwFLXFdGdjx/3iUtlg7AY?= =?utf-8?q?N8tba52P4L7cSL5r9mQbkbKN0zlLR1gYpT+M+7bJtA1bNuPYmten8LWNYTgY+7/BS?= =?utf-8?q?0t+1Qq0S4k0j1OMtTlsBxjKALTTu5HKBuvnGi+UbqGBbhOM53CSid+oBvUacSgZ6l?= =?utf-8?q?itt1pHo/wCQolDFln0yh063505X63Xz+RldtZWiUKrjNO87uWT+l0/cMgmXDYldtg?= =?utf-8?q?wjHvss9ouolqXF8seqwz6r9oaxWtsFraX2dqoh5Z7cRJBj+0ljQkZ4zgGb8fVnit3?= =?utf-8?q?oIWlVuFbyk7pY/A8zPB9k8o+6dB4xZ9t6Ul8zPEUvzRJWf4oqRVL6l+UBFPjSFjHj?= =?utf-8?q?+3p9hlNNqyrj6U8M5LYf/gm5wsIT16KBeRLsiIHM+jHdjN1m/R+009CMUspNxahdf?= =?utf-8?q?3X2zQzjU+Lm3LXDzBsNrPjurYgFcTnLgiP9CvqZ8FYKWDg1h57A+UrAiF7Kym9/NY?= =?utf-8?q?4YuOsdJldcWrBwDaDFsyW+7/bZZzIfTrlpVq4DLMv7r9b3WHDSc3rSry5rzYrWGjU?= =?utf-8?q?c18MNcnLJVFTf9Ig89MPvCCx9cjC8ntBIHlWq0PhvvcFvq2MtNMPYt8QJ5+iihUNL?= =?utf-8?q?Rauq7ZJSwfyD4m8GZw1Lp1+PEmljUGC8u9NQZvd55j7QLjeJAPMwbB9qBRQ18xXsm?= =?utf-8?q?ycGCC8IxrVru+YvYv9iRVHaWxVUlEnS7THZwdiIzpG3WT1ygK1c5k5J2u4BUAfsMu?= =?utf-8?q?y/JYP8L5oVtNyD/zE1d/Ni9kn3GFvuTCYat7KIcUd+Vr8q4TxQadPHUy7k7gojBvy?= =?utf-8?q?l8cKsws/USZsp1Otjqhnm6fDJLdCB8Fl/Zo6hf4Gt4QKj//7Q6rFVa/1XrOsZDOfc?= =?utf-8?q?h2vjwqnE8NUHX00RIEv0PgLSqlz0nUkYRgIbC+aReN8W3qY+SlukrKj74GyyY3NNo?= =?utf-8?q?RZioqYpzsSgsgfKcCQ1kxzC8bRJ3bFT5OOyTblIrjcGweDUPgQ43bglFqYXJ/bNy5?= =?utf-8?q?vIwzblg1uXJQXUzB0+5upA+Y1gybCgffJkYn3CgFOdD5FFOUOUOpXGYZTzxsDa37B?= =?utf-8?q?xl+LsQvXy+4edyw7Wl9Xnt2wIJ2zFSX8IDETzMhF5r1yEBhIcqxZheuufq1W4/Puc?= =?utf-8?q?mg+7WFrtaNDSi6uOuCLOBSUPh3MnC2UcYMa2VMaQTEvC6cmhb0otVmUBGtfLVRlmA?= =?utf-8?q?g3NrCneiEu3ia5+WMfoaOGjjjD2IvIhQkB8TuvE7GMPC+V2siqDByzvarOp6ZiLQg?= =?utf-8?q?8D74Mnx5u6nJ7ZAXne2y5cApeLC9tbOOoy8Me1LnC5EOi+WoclbgplEY6D8wpXbZ9?= =?utf-8?q?5e9xIR4EmZNvpZ8hhv4gxxoCAXd48B5iBhMVi17Q8O1i5lYdvZ87a798fJQauVUWd?= =?utf-8?q?pWG8jtx9yn2Gg8LCrIpKn/1ZnjXKSvL2xw=3D=3D?= X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: e406b434-5c3f-450a-b697-08dd3633ffd3 X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Jan 2025 13:45:12.1404 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 2NRjeunX/39bGClyGkQftpGTXatWOg+776Azxg5YUivAEpgdZyFon+98POftuv0GOQU32fStc0YFAGqvTkoj8iJlN+9384kYxQ1NL7nl1SA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR11MB7444 X-Proofpoint-ORIG-GUID: 6ndl-s6Lkhe_wcroQeSDBWbi3-Lquh-m X-Authority-Analysis: v=2.4 cv=SeoNduRu c=1 sm=1 tr=0 ts=67890d6a cx=c_pps a=+kc2f53xTGsvuL7uaCOpcA==:117 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=IkcTkHD0fZMA:10 a=VdSt8ZQiCzkA:10 a=bRTqI5nwn0kA:10 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=cm27Pg_UAAAA:8 a=t7CeM3EgAAAA:8 a=20KFwNOVAAAA:8 a=7p7RPr-GalsxoHJJx9wA:9 a=3ZKOabzyN94A:10 a=QEXdDO2ut3YA:10 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: 6ndl-s6Lkhe_wcroQeSDBWbi3-Lquh-m X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-16_05,2025-01-16_01,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1015 mlxlogscore=999 mlxscore=0 impostorscore=0 priorityscore=1501 lowpriorityscore=0 bulkscore=0 malwarescore=0 phishscore=0 suspectscore=0 adultscore=0 classifier=spam authscore=0 adjust=0 reason=mlx scancount=1 engine=8.21.0-2411120000 definitions=main-2501160104 X-MIME-Autoconverted: from 8bit to quoted-printable by mx0a-0064b401.pphosted.com id 50GD2q3S021049 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 16 Jan 2025 13:45:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/114914 From: Zhang Peng CVE-2024-8443: The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-8433] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e] [https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc] Signed-off-by: Zhang Peng --- .../opensc/files/CVE-2024-8443-0001.patch | 60 +++++++++++++++++++ .../opensc/files/CVE-2024-8443-0002.patch | 55 +++++++++++++++++ .../recipes-support/opensc/opensc_0.25.1.bb | 2 + 3 files changed, 117 insertions(+) create mode 100644 meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch create mode 100644 meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch new file mode 100644 index 000000000..7d80aba76 --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch @@ -0,0 +1,60 @@ +From b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Mon, 12 Aug 2024 19:02:14 +0200 +Subject: [PATCH] openpgp: Do not accept non-matching key responses + +When generating RSA key pair using PKCS#15 init, the driver could accept +responses relevant to ECC keys, which made further processing in the +pkcs15-init failing/accessing invalid parts of structures. + +Thanks oss-fuzz! + +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71010 + +Signed-off-by: Jakub Jelen + +CVE: CVE-2024-8443 +Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc] + +Signed-off-by: Zhang Peng +--- + src/libopensc/card-openpgp.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c +index fad32f0ce..f99ec0db9 100644 +--- a/src/libopensc/card-openpgp.c ++++ b/src/libopensc/card-openpgp.c +@@ -2877,6 +2877,9 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len, + + /* RSA modulus */ + if (tag == 0x0081) { ++ if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA) { ++ LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED); ++ } + if ((BYTES4BITS(key_info->u.rsa.modulus_len) < len) /* modulus_len is in bits */ + || key_info->u.rsa.modulus == NULL) { + +@@ -2892,6 +2895,9 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len, + } + /* RSA public exponent */ + else if (tag == 0x0082) { ++ if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA) { ++ LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED); ++ } + if ((BYTES4BITS(key_info->u.rsa.exponent_len) < len) /* exponent_len is in bits */ + || key_info->u.rsa.exponent == NULL) { + +@@ -2907,6 +2913,10 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len, + } + /* ECC public key */ + else if (tag == 0x0086) { ++ if (key_info->algorithm != SC_OPENPGP_KEYALGO_ECDSA && ++ key_info->algorithm != SC_OPENPGP_KEYALGO_ECDH) { ++ LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED); ++ } + /* set the output data */ + /* len is ecpoint length + format byte + * see section 7.2.14 of 3.3.1 specs */ +-- +2.34.1 diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch new file mode 100644 index 000000000..30a7e63a7 --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch @@ -0,0 +1,55 @@ +From 02e847458369c08421fd2d5e9a16a5f272c2de9e Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Thu, 15 Aug 2024 11:13:47 +0200 +Subject: [PATCH] openpgp: Avoid buffer overflow when writing fingerprint + +Fix also surrounding code to return error (not just log it) +when some step fails. + +Thanks oss-fuzz + +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70933 + +Signed-off-by: Jakub Jelen + +CVE: CVE-2024-8443 +Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e] + +Signed-off-by: Zhang Peng +--- + src/libopensc/card-openpgp.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c +index f99ec0db9..3957440de 100644 +--- a/src/libopensc/card-openpgp.c ++++ b/src/libopensc/card-openpgp.c +@@ -2756,14 +2756,21 @@ pgp_calculate_and_store_fingerprint(sc_card_t *card, time_t ctime, + /* update the blob containing fingerprints (00C5) */ + sc_log(card->ctx, "Updating fingerprint blob 00C5."); + fpseq_blob = pgp_find_blob(card, 0x00C5); +- if (fpseq_blob == NULL) +- LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot find blob 00C5"); ++ if (fpseq_blob == NULL) { ++ r = SC_ERROR_OUT_OF_MEMORY; ++ LOG_TEST_GOTO_ERR(card->ctx, r, "Cannot find blob 00C5"); ++ } ++ if (20 * key_info->key_id > fpseq_blob->len) { ++ r = SC_ERROR_OBJECT_NOT_VALID; ++ LOG_TEST_GOTO_ERR(card->ctx, r, "The 00C5 blob is not large enough"); ++ } + + /* save the fingerprints sequence */ + newdata = malloc(fpseq_blob->len); +- if (newdata == NULL) +- LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_OUT_OF_MEMORY, +- "Not enough memory to update fingerprint blob 00C5"); ++ if (newdata == NULL) { ++ r = SC_ERROR_OUT_OF_MEMORY; ++ LOG_TEST_GOTO_ERR(card->ctx, r, "Not enough memory to update fingerprint blob 00C5"); ++ } + + memcpy(newdata, fpseq_blob->data, fpseq_blob->len); + /* move p to the portion holding the fingerprint of the current key */ +-- +2.34.1 diff --git a/meta-oe/recipes-support/opensc/opensc_0.25.1.bb b/meta-oe/recipes-support/opensc/opensc_0.25.1.bb index 74738247b..e41c457fa 100644 --- a/meta-oe/recipes-support/opensc/opensc_0.25.1.bb +++ b/meta-oe/recipes-support/opensc/opensc_0.25.1.bb @@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7" SRCREV = "0a4b772d6fdab9bfaaa3123775a48a7cb6c5e7c6" SRC_URI = "git://github.com/OpenSC/OpenSC;branch=stable-0.25;protocol=https \ file://0001-PR-Fixes-for-uninitialized-memory-issues.patch \ + file://CVE-2024-8443-0001.patch \ + file://CVE-2024-8443-0002.patch \ " DEPENDS = "virtual/libiconv openssl"