Fixed a buffer overflow in ATR decoder (CVE-2010-4531)
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
This commit is contained in:
parent
7d47f6f2cb
commit
6360140a1e
|
@ -0,0 +1,23 @@
|
|||
Index: src/atrhandler.c
|
||||
===================================================================
|
||||
--- src/atrhandler.c (revision 5369)
|
||||
+++ src/atrhandler.c (revision 5370)
|
||||
@@ -232,7 +232,7 @@
|
||||
psExtension->ATR.HistoryLength = K;
|
||||
memcpy(psExtension->ATR.HistoryValue, &pucAtr[p], K);
|
||||
|
||||
- p = p + K;
|
||||
+ p += K;
|
||||
|
||||
/*
|
||||
* Check to see if TCK character is included It will be included if
|
||||
@@ -241,6 +241,9 @@
|
||||
if (psExtension->CardCapabilities.AvailableProtocols & SCARD_PROTOCOL_T1)
|
||||
TCK = pucAtr[p++];
|
||||
|
||||
+ if (p > MAX_ATR_SIZE)
|
||||
+ return 0; /** @retval 0 Maximum attribute size */
|
||||
+
|
||||
memcpy(psExtension->ATR.Value, pucAtr, p);
|
||||
psExtension->ATR.Length = p; /* modified from p-1 */
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
Name: pcsc-lite
|
||||
Version: 1.6.4
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: PC/SC Lite smart card framework and applications
|
||||
|
||||
Group: System Environment/Daemons
|
||||
|
@ -14,6 +14,7 @@ Patch0: %{name}-1.4-docinst.patch
|
|||
Patch1: %{name}-1.5.5-rpath64.patch
|
||||
# Disable pcscd on-demand startup (#653903)
|
||||
Patch2: %{name}-1.6.4-noautostart.patch
|
||||
Patch3: %{name}-CVE-2010-4531.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
BuildRequires: hal-devel
|
||||
|
@ -66,6 +67,7 @@ Requires: %{name}-libs = %{version}-%{release}
|
|||
%patch0 -p0 -b .docinst
|
||||
%patch1 -p1 -b .rpath64
|
||||
%patch2 -p1 -b .noautostart
|
||||
%patch3 -p0 -b .CVE-2010-4531
|
||||
|
||||
# Convert to utf-8
|
||||
for file in ChangeLog; do
|
||||
|
@ -146,6 +148,9 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Wed Jan 05 2011 Kalev Lember <kalev@smartlink.ee> - 1.6.4-3
|
||||
- Fixed a buffer overflow in ATR decoder (CVE-2010-4531)
|
||||
|
||||
* Mon Dec 13 2010 Kalev Lember <kalev@smartlink.ee> - 1.6.4-2
|
||||
- Disabled pcscd on-demand startup (#653903)
|
||||
|
||||
|
|
Loading…
Reference in New Issue