1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
From 6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 23 Oct 2019 09:22:44 +0200
Subject: [PATCH] pkcs15-prkey: Simplify cleaning memory after failure
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478
Upstream-Status: Accepted
CVE: CVE-2019-19480
Reference to upstream patch:
https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7
---
src/libopensc/pkcs15-prkey.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/libopensc/pkcs15-prkey.c b/src/libopensc/pkcs15-prkey.c
index d3eee983..4b249582 100644
--- a/src/libopensc/pkcs15-prkey.c
+++ b/src/libopensc/pkcs15-prkey.c
@@ -258,6 +258,10 @@ int sc_pkcs15_decode_prkdf_entry(struct sc_pkcs15_card *p15card,
memset(gostr3410_params, 0, sizeof(gostr3410_params));
r = sc_asn1_decode_choice(ctx, asn1_prkey, *buf, *buflen, buf, buflen);
+ if (r < 0) {
+ /* This might have allocated something. If so, clear it now */
+ free(info.subject.value);
+ }
if (r == SC_ERROR_ASN1_END_OF_CONTENTS)
return r;
LOG_TEST_RET(ctx, r, "PrKey DF ASN.1 decoding failed");
--
2.17.1
|