Open pki-bot opened 4 years ago
Comment from mharmsen (@mharmsen) at 2015-11-03 01:09:50
Per CS/DS meeting of 11/02/2015: 10.3
Comment from jmagne (@jmagne) at 2016-06-04 02:52:54
Have the simple one line fix for the applet compiled.
Completed a gpshell script to test the fix with the old and fixed applet to view the difference in behavior.
Have run the tests on an enrolled card and it works as expected.
Now need a quick review by BobR and a build before the new applet can be checked into TPS.
Comment from mharmsen (@mharmsen) at 2016-06-24 00:35:34
Per PKI Bug Council of 06/23/2016: 10.4
Comment from jmagne (@jmagne) at 2017-02-27 14:08:19
Metadata Update from @jmagne:
Comment from mharmsen (@mharmsen) at 2017-03-03 19:58:04
Metadata Update from @mharmsen:
Comment from mharmsen (@mharmsen) at 2017-08-09 12:47:05
Per CS/DS Meeting of August 7, 2017, it was determined to move this issue from 10.4 ==> FUTURE.
Comment from mharmsen (@mharmsen) at 2017-08-09 12:47:06
Metadata Update from @mharmsen:
This issue was migrated from Pagure Issue #1676. Originally filed by jmagne (@jmagne) on 2015-10-22 23:39:12:
The CoolKey Javacard applet used by the SC650 Smart Card contains an Integer Overflow Error. The vulnerability is persistent in the most recent version currently hosted online at http://svn.fedorahosted.org/svn/coolkey
Specifically, there is an unhandled integer overflow error within the ReadObject() method in the cardedge.java file of the CoolKey package. Two short integer variables 'offset' and 'size' may be considered tainted inputs from the host machine, and specially chosen values of 'offset' and 'size' allow passage through all of the exception handling to allow execution of the sendData() method with an improperly chosen offset.
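The class of bug described in the report, as an added illustration that is not the CoolKey source: the class name, method names, the shape of the check and the sample values are all assumptions. The `(short)` cast reproduces the 16-bit truncation of short arithmetic, and the second method shows a bounds check that does not add the two host-supplied values.

```java
// Added illustration; NOT taken from cardedge.java. All names are hypothetical.
public class ShortBoundsCheck {

    // Naive check (assumed shape): rejects negative inputs, then tests offset + size.
    // The sum is truncated to 16 bits, so a large offset plus a small size can
    // wrap to a negative value and slip under the object size.
    static boolean naiveInBounds(short offset, short size, short objectSize) {
        if (offset < 0 || size < 0) {
            return false;
        }
        short end = (short) (offset + size); // may wrap negative
        return end <= objectSize;
    }

    // Hardened check: never adds the untrusted values. Once 0 <= offset <= objectSize
    // holds, objectSize - offset is in [0, objectSize] and cannot overflow.
    static boolean safeInBounds(short offset, short size, short objectSize) {
        if (offset < 0 || size < 0 || objectSize < 0) {
            return false;
        }
        if (offset > objectSize) {
            return false;
        }
        return size <= (short) (objectSize - offset);
    }

    public static void main(String[] args) {
        short objectSize = 256; // constructed sample object length
        // Constructed sample requests: {offset, size}
        short[][] requests = {
            {0, 64},          // in bounds
            {200, 56},        // ends exactly at the object boundary
            {200, 57},        // one byte past the end
            {0x7FFF, 1},      // sum wraps to -32768
            {0x7FF0, 0x0100}  // sum wraps to -32528
        };
        for (short[] r : requests) {
            System.out.printf("offset=%d size=%d naive=%b safe=%b%n",
                    r[0], r[1],
                    naiveInBounds(r[0], r[1], objectSize),
                    safeInBounds(r[0], r[1], objectSize));
        }
    }
}
```

The last two requests are accepted by the naive check and rejected by the hardened one; the first three get the same answer from both.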