fda5734570
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
24 lines
683 B
Diff
24 lines
683 B
Diff
Index: src/atrhandler.c
|
|
===================================================================
|
|
--- src/atrhandler.c (revision 5369)
|
|
+++ src/atrhandler.c (revision 5370)
|
|
@@ -232,7 +232,7 @@
|
|
psExtension->ATR.HistoryLength = K;
|
|
memcpy(psExtension->ATR.HistoryValue, &pucAtr[p], K);
|
|
|
|
- p = p + K;
|
|
+ p += K;
|
|
|
|
/*
|
|
* Check to see if TCK character is included It will be included if
|
|
@@ -241,6 +241,9 @@
|
|
if (psExtension->CardCapabilities.AvailableProtocols & SCARD_PROTOCOL_T1)
|
|
TCK = pucAtr[p++];
|
|
|
|
+ if (p > MAX_ATR_SIZE)
|
|
+ return 0; /** @retval 0 Maximum attribute size */
|
|
+
|
|
memcpy(psExtension->ATR.Value, pucAtr, p);
|
|
psExtension->ATR.Length = p; /* modified from p-1 */
|
|
|