commit 65fc211015cfcac27b10d0876054156c97225f50
Author: Jakub Jelen <jjelen@redhat.com>
Date:   Tue Nov 25 15:58:02 2025 +0100

    pkcs15: Avoid buffer overrun on invalid data
    
    Invalid data can contain a zero-length buffer, which after copying
    was dereferenced without a length check
    
    Credit: Aldo Ristori
    
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Index: opensc-0.26.1/src/libopensc/pkcs15-pubkey.c
===================================================================
--- opensc-0.26.1.orig/src/libopensc/pkcs15-pubkey.c
+++ opensc-0.26.1/src/libopensc/pkcs15-pubkey.c
@@ -1328,6 +1328,10 @@ sc_pkcs15_pubkey_from_spki_fields(struct
 	       "sc_pkcs15_pubkey_from_spki_fields() called: %p:%"SC_FORMAT_LEN_SIZE_T"u\n%s",
 	       buf, buflen, sc_dump_hex(buf, buflen));
 
+	if (buflen < 1) {
+		LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "subjectPublicKeyInfo can not be empty");
+	}
+
 	tmp_buf = malloc(buflen);
 	if (!tmp_buf) {
 		r = SC_ERROR_OUT_OF_MEMORY;
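Review bot: The guard added before `malloc(buflen)` carries no comment saying why one byte is the minimum, and the read it protects lies outside the hunk. Going by the commit message, the first byte of the copy is dereferenced later, so a line such as `/* the first byte of the copy is inspected below; reject empty input */` would stop the check from being dropped as redundant. `buflen` is printed with `SC_FORMAT_LEN_SIZE_T` and so appears to be unsigned, in which case `if (buflen == 0)` states the condition more directly than `buflen < 1`. The guard returns straight through `LOG_TEST_RET`, while the allocation failure below sets `r`, presumably for a shared cleanup path. That is safe only while nothing is allocated before this point, which cannot be confirmed here because the function starts and ends outside the hunk. `buf` itself is not checked for NULL before the copy, so it is worth confirming that callers guarantee it.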
