Fixed a buffer overflow in ATR decoder (CVE-2010-4531)
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
This commit is contained in:
parent
7d47f6f2cb
commit
6360140a1e
23
pcsc-lite-CVE-2010-4531.patch
Normal file
23
pcsc-lite-CVE-2010-4531.patch
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
Index: src/atrhandler.c
|
||||||
|
===================================================================
|
||||||
|
--- src/atrhandler.c (revision 5369)
|
||||||
|
+++ src/atrhandler.c (revision 5370)
|
||||||
|
@@ -232,7 +232,7 @@
|
||||||
|
psExtension->ATR.HistoryLength = K;
|
||||||
|
memcpy(psExtension->ATR.HistoryValue, &pucAtr[p], K);
|
||||||
|
|
||||||
|
- p = p + K;
|
||||||
|
+ p += K;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Check to see if TCK character is included It will be included if
|
||||||
|
@@ -241,6 +241,9 @@
|
||||||
|
if (psExtension->CardCapabilities.AvailableProtocols & SCARD_PROTOCOL_T1)
|
||||||
|
TCK = pucAtr[p++];
|
||||||
|
|
||||||
|
+ if (p > MAX_ATR_SIZE)
|
||||||
|
+ return 0; /** @retval 0 Maximum attribute size */
|
||||||
|
+
|
||||||
|
memcpy(psExtension->ATR.Value, pucAtr, p);
|
||||||
|
psExtension->ATR.Length = p; /* modified from p-1 */
|
||||||
|
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
Name: pcsc-lite
|
Name: pcsc-lite
|
||||||
Version: 1.6.4
|
Version: 1.6.4
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: PC/SC Lite smart card framework and applications
|
Summary: PC/SC Lite smart card framework and applications
|
||||||
|
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
@ -14,6 +14,7 @@ Patch0: %{name}-1.4-docinst.patch
|
|||||||
Patch1: %{name}-1.5.5-rpath64.patch
|
Patch1: %{name}-1.5.5-rpath64.patch
|
||||||
# Disable pcscd on-demand startup (#653903)
|
# Disable pcscd on-demand startup (#653903)
|
||||||
Patch2: %{name}-1.6.4-noautostart.patch
|
Patch2: %{name}-1.6.4-noautostart.patch
|
||||||
|
Patch3: %{name}-CVE-2010-4531.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
|
|
||||||
BuildRequires: hal-devel
|
BuildRequires: hal-devel
|
||||||
@ -66,6 +67,7 @@ Requires: %{name}-libs = %{version}-%{release}
|
|||||||
%patch0 -p0 -b .docinst
|
%patch0 -p0 -b .docinst
|
||||||
%patch1 -p1 -b .rpath64
|
%patch1 -p1 -b .rpath64
|
||||||
%patch2 -p1 -b .noautostart
|
%patch2 -p1 -b .noautostart
|
||||||
|
%patch3 -p0 -b .CVE-2010-4531
|
||||||
|
|
||||||
# Convert to utf-8
|
# Convert to utf-8
|
||||||
for file in ChangeLog; do
|
for file in ChangeLog; do
|
||||||
@ -146,6 +148,9 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jan 05 2011 Kalev Lember <kalev@smartlink.ee> - 1.6.4-3
|
||||||
|
- Fixed a buffer overflow in ATR decoder (CVE-2010-4531)
|
||||||
|
|
||||||
* Mon Dec 13 2010 Kalev Lember <kalev@smartlink.ee> - 1.6.4-2
|
* Mon Dec 13 2010 Kalev Lember <kalev@smartlink.ee> - 1.6.4-2
|
||||||
- Disabled pcscd on-demand startup (#653903)
|
- Disabled pcscd on-demand startup (#653903)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user