File _service:obs_scm:opensc-CVE-2024-45620.patch of Package opensc

commit a1bcc6516f43d570899820d259b71c53f8049168
Author: Veronika Hanulíková <vhanulik@redhat.com>
Date:   Thu Jul 18 09:23:20 2024 +0200

pkcs15-starcos: Check length of file to be non-zero
    
    Thanks Matteo Marini for report
    https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
    
    fuzz_pkcs15init/20

Index: opensc-0.25.1/src/pkcs15init/pkcs15-starcos.c
===================================================================
--- opensc-0.25.1.orig/src/pkcs15init/pkcs15-starcos.c
+++ opensc-0.25.1/src/pkcs15init/pkcs15-starcos.c
@@ -670,6 +670,8 @@ static int starcos_write_pukey(sc_profil
 		return r;
 	len = tfile->size;
 	sc_file_free(tfile);
+	if (len == 0)
+		return SC_ERROR_INTERNAL;
 	buf = malloc(len);
 	if (!buf)
 		return SC_ERROR_OUT_OF_MEMORY;
@@ -684,7 +686,7 @@ static int starcos_write_pukey(sc_profil
 	if (num_keys == 0xff)
 		num_keys = 0;
 	/* encode public key */
-	keylen  = starcos_encode_pukey(rsa, NULL, kinfo);
+	keylen = starcos_encode_pukey(rsa, NULL, kinfo);
 	if (!keylen) {
 		free(buf);
 		return SC_ERROR_INTERNAL;
Index: opensc-0.25.1/src/libopensc/iasecc-sdo.c
===================================================================
--- opensc-0.25.1.orig/src/libopensc/iasecc-sdo.c
+++ opensc-0.25.1/src/libopensc/iasecc-sdo.c
@@ -318,16 +318,26 @@ iasecc_se_parse(struct sc_card *card, un
 
 	LOG_FUNC_CALLED(ctx);
 
+        if (data_len < 1)
+                LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
+
 	if (*data == IASECC_SDO_TEMPLATE_TAG)   {
 		size_size = iasecc_parse_size(data + 1, data_len - 1, &size);
 		LOG_TEST_RET(ctx, size_size, "parse error: invalid size data of IASECC_SDO_TEMPLATE");
 
+                if (data_len - 1 < size)
+                       LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
+
+
 		data += size_size + 1;
 		data_len = size;
 		sc_log(ctx,
 		       "IASECC_SDO_TEMPLATE: size %"SC_FORMAT_LEN_SIZE_T"u, size_size %d",
 		       size, size_size);
 
+                if (data_len < 3)
+                        LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
+
 		if (*data != IASECC_SDO_TAG_HEADER)
 			LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
 
@@ -759,6 +769,8 @@ iasecc_sdo_parse(struct sc_card *card, u
 	int rv;
 
 	LOG_FUNC_CALLED(ctx);
+	if (data == NULL || data_len < 2)
+		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
 
 	if (*data == IASECC_SDO_TEMPLATE_TAG)   {
 		size_size = iasecc_parse_size(data + 1, data_len - 1, &size);