From a28c7042ad2e04d932454ec1a11876b79a0c5cfd Mon Sep 17 00:00:00 2001
From: Kalev Lember
Date: Sun, 4 Jul 2010 14:30:40 +0000
Subject: [PATCH] Fix up incorrect checks in CVE-2010-0407.patch (#596426)
---
 pcsc-lite-CVE-2010-0407.patch | 4 ++--
 pcsc-lite.spec | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/pcsc-lite-CVE-2010-0407.patch b/pcsc-lite-CVE-2010-0407.patch
index 3ff7e45..8414ca5 100644
--- a/pcsc-lite-CVE-2010-0407.patch
+++ b/pcsc-lite-CVE-2010-0407.patch
@@ -36,7 +36,7 @@ diff -ru pcsc-lite-1.4.102.orig//src/winscard_svc.c pcsc-lite-1.4.102/src/winsca
 if (rv != 0) return rv;
 + /* avoids buffer overflow */
-+ if ((ctStr->cbRecvLength > sizeof(ctStr->cbRecvLength))
++ if ((ctStr->cbRecvLength > sizeof(ctStr->pbRecvBuffer))
 + || (ctStr->cbSendLength > sizeof(ctStr->pbSendBuffer)))
 + {
 + ctStr->rv = SCARD_E_INSUFFICIENT_BUFFER;
@@ -66,7 +66,7 @@ diff -ru pcsc-lite-1.4.102.orig//src/winscard_svc.c pcsc-lite-1.4.102/src/winsca
 if (rv != 0) return rv;
 +
 + /* avoids buffer overflow */
-+ if (gsStr->cbAttrLen <= sizeof(gsStr->pbAttr))
++ if (gsStr->cbAttrLen > sizeof(gsStr->pbAttr))
 + {
 + gsStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
 + break;
diff --git a/pcsc-lite.spec b/pcsc-lite.spec
index 35ae909..03b5399 100644
--- a/pcsc-lite.spec
+++ b/pcsc-lite.spec
@@ -1,6 +1,6 @@
 Name: pcsc-lite
 Version: 1.5.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: PC/SC Lite smart card framework and applications
 %define upstream_build 2795
@@ -154,6 +154,9 @@ fi
 %changelog
+* Sun Jul 04 2010 Kalev Lember - 1.5.2-5
+- Fix up incorrect checks in CVE-2010-0407.patch (#596426)
+
 * Tue Jun 15 2010 Kalev Lember - 1.5.2-4
 - Patch for CVE-2010-0407
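Review bot: In the first hunk of pcsc-lite-CVE-2010-0407.patch, the corrected bound `sizeof(ctStr->pbRecvBuffer)` is only a capacity check if `pbRecvBuffer` is an array member of the message struct; were it a pointer, `sizeof` would yield the pointer size. The same holds for `pbSendBuffer` on the next line and for `sizeof(gsStr->pbAttr)` in the second hunk, and none of the declarations are visible here. I would record the assumption next to the check, e.g. `/* pbRecvBuffer/pbSendBuffer are fixed-size arrays in the struct, so sizeof is their capacity */`. The `if` body and the enclosing case continue outside the hunk, so any other length checks this patch adds are worth re-reading for the same `sizeof` slip.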
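Review bot: The comment `/* avoids buffer overflow */` above the corrected `cbAttrLen` test in the second hunk does not state which lengths are refused; something like `/* refuse cbAttrLen larger than the pbAttr array */` would make an inverted comparison easier to catch in review. With the old `<=`, in-range lengths were answered with `SCARD_E_INSUFFICIENT_BUFFER` and larger ones fell through to code outside the hunk, so the 1.5.2-4 build should probably not be counted as having this bounds check, and the changelog entry could say so. The enclosing case body starts and ends outside the hunk.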