[pkg-opensc-maint] Bug#910786: opensc: No longer recognizes Yubikey NEO after upgrade to 0.16.0-3+deb9u1

Hilko Bengen bengen at debian.org
Thu Oct 11 22:32:49 BST 2018


Hi,

after some digging and testing, I come to the conclusion that the
immediate cause for the breakage I reported is the change made to the
piv_general_io() function (src/libopensc/card-piv.c, expanded for
context): because rbuflen is set to zero, sc_asn1_read_tag will never
read/parse an ASN.1 tag.

Reverting this single change seems to fix my problems; however, this
leaves the clear possibility of overflowing receive buffers that are
passed into the function. This has so far only worked by accident...

Cheers,
-Hilko

@@ -525,15 +525,16 @@ static int piv_general_io(sc_card_t *card, int ins, int p1, int p2,
 	rbuflen = 0;  /* in case rseplen < 3  i.e. not parseable */
 	if ( recvbuflen && recvbuf && apdu.resplen > 3) {
 		*recvbuflen = 0;
 		/* we should have all the tag data, so we have to tell sc_asn1_find_tag
 		 * the buffer is bigger, so it will not produce "ASN1.tag too long!" */
 
 		body = rbuf;
-		if (sc_asn1_read_tag(&body, 0xffff, &cla_out, &tag_out, &bodylen) !=  SC_SUCCESS) 		{
+		if (sc_asn1_read_tag(&body, rbuflen, &cla_out, &tag_out, &bodylen) !=  SC_SUCCESS
+				|| body == NULL)  {
 			/* only early beta cards had this problem */
 			sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "***** received buffer tag MISSING ");
 			body = rbuf;
 			/* some readers/cards might return 6c 00 */
 			if (apdu.sw1 == 0x61  || apdu.sw2 == 0x6c )
 				bodylen = 12000;
 			else
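Review bot: the length passed to sc_asn1_read_tag on the `+` line is wrong: `rbuflen` is assigned 0 a few lines above ("rbuflen = 0;  /* in case rseplen < 3 ... */") and is not updated before the call, so the parser is always handed an empty buffer, never reads a tag, and every response falls into the "received buffer tag MISSING" fallback (which then assumes a 12000-byte body on 0x61/0x6c). Replacing the old 0xffff with the number of bytes actually received into `rbuf` is the right direction, since 0xffff let the tag parser walk past the end of the buffer, but the value has to be the real received length rather than the stale zero; the enclosing `if` already tests `apdu.resplen > 3`, which looks like the count this should be derived from. The added `|| body == NULL` guard is a reasonable defensive check and can stay.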