dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
https://www.dogtagpki.org
GNU General Public License v2.0
367 stars 136 forks source link

CoolKey Javacard applet integer overflow error #2235

Open pki-bot opened 4 years ago

pki-bot commented 4 years ago

This issue was migrated from Pagure Issue #1676. Originally filed by jmagne (@jmagne) on 2015-10-22 23:39:12:


The CoolKey Javacard applet used by the SC650 Smart Card contains an Integer Overflow Error. The vulnerability is persistent in the most recent version currently hosted online at http://svn.fedorahosted.org/svn/coolkey

Specifically, there is an unhandled integer overflow error within the ReadObject() method in the cardedge.java file of the CoolKey package. Two short integer variables 'offset' and 'size' may be considered tainted inputs from the host machine, and specially chosen values of 'offset' and 'size' allow passage through all of the exception handling to allow execution of the sendData() method with an improperly chosen offset.

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2015-11-03 01:09:50

Per CS/DS meeting of 11/02/2015: 10.3

pki-bot commented 4 years ago

Comment from jmagne (@jmagne) at 2016-06-04 02:52:54

Have the simple one line fix for the applet compiled.

Completed a gpshell script to test the fix with the old and fixed applet to view the difference in behavior.

Have run the tests on an enrolled card and it works as expect.

Now need a quick review by BobR and a build before the new applet can be checked into TPS.

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2016-06-24 00:35:34

Per PKI Bug Council of 06/23/2016: 10.4

pki-bot commented 4 years ago

Comment from jmagne (@jmagne) at 2017-02-27 14:08:19

Metadata Update from @jmagne:

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2017-03-03 19:58:04

Metadata Update from @mharmsen:

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2017-08-09 12:47:05

Per CS/DS Meeting of August 7, 2017, it was determined to move this issue from 10.4 ==> FUTURE.

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2017-08-09 12:47:06

Metadata Update from @mharmsen: