scd:p15: Handle cards with bad encoded path objects.

* scd/app-p15.c (read_ef_prkdf, read_ef_pukdf) (read_ef_cdf, read_ef_aodf): Allow for a zero length path and correctly skip unsupported auth types. -- Signed-off-by: Werner Koch <wk@gnupg.org> Backported-from-master: 7a8545c91b
2025-07-03 22:56:33 +02:00 · 2021-06-16 20:39:00 +02:00 · 2021-06-16 20:39:00 +02:00 · 88606cc484
commit 88606cc484
parent 1d6ed0a1b4
1 changed files with 13 additions and 9 deletions
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@ -1919,10 +1919,12 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
      if (err)
        goto parse_error;

-      /* Make sure that the next element is a non zero path and of
-         even length (FID are two bytes each). */
+      /* Make sure that the next element has a path of even length
+       * (FIDs are two bytes each).  We should check that the path
+       * length is non-zero but some cards return a zero length path
+       * nevertheless (e.g. A.E.T. Europe Java applets). */
      if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING
-          ||  !objlen || (objlen & 1) )
+          || (objlen & 1) )
        {
          errstr = "invalid path reference";
          goto parse_error;
@ -2228,10 +2230,10 @@ read_ef_pukdf (app_t app, unsigned short fid, pukdf_object_t *result)
      if (err)
        goto parse_error;

-      /* Make sure that the next element is a non zero path and of
-         even length (FID are two bytes each). */
+      /* Make sure that the next element has a path of even length
+       * (FIDs are two bytes each).  */
      if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING
-          ||  !objlen || (objlen & 1) )
+          ||  (objlen & 1) )
        {
          errstr = "invalid path reference";
          goto parse_error;
@ -2528,10 +2530,10 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result)
      if (err)
        goto parse_error;

-      /* Make sure that the next element is a non zero path and of
-         even length (FID are two bytes each). */
+      /* Make sure that the next element has a path of even length
+       * (FIDs are two bytes each).  */
      if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING
-          ||  !objlen || (objlen & 1) )
+          || (objlen & 1) )
        {
          errstr = "invalid path reference";
          goto parse_error;
@ -2783,6 +2785,8 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
            case 2: errstr = "external auth type are not supported"; break;
            default: errstr = "unknown privateKeyObject"; break;
            }
+          p += objlen;
+          n -= objlen;
          goto parse_error;
        }
      else