File CVE-2018-14779.patch of Package yubico-piv-tool.8570

From 01a127a44a2229ea14195208e444ec526eaf45f4 Mon Sep 17 00:00:00 2001
From: Klas Lindfors <klas@yubico.com>
Date: Tue, 22 May 2018 13:31:20 +0200
Subject: [PATCH] lib: in ykpiv_transfer_data() handle overflow by exiting

this is detected and printed, but we never exit the function

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
---
 lib/ykpiv.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Index: yubico-piv-tool-1.5.0/lib/ykpiv.c
===================================================================
--- yubico-piv-tool-1.5.0.orig/lib/ykpiv.c
+++ yubico-piv-tool-1.5.0/lib/ykpiv.c
@@ -561,7 +561,11 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state
       goto Cleanup;
     }
     if(*out_len + recv_len - 2 > max_out) {
-      fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
+      if(state->verbose) {
+        fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
+      }
+      res = YKPIV_SIZE_ERROR;
+      goto Cleanup;
     }
     if(out_data) {
       memcpy(out_data, data, recv_len - 2);
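Review bot: The guard `if(*out_len + recv_len - 2 > max_out)` still depends on `recv_len` being at least 2, and nothing visible in this hunk checks that. If these values are unsigned (the `%lu` format suggests so), a `recv_len` of 0 or 1 combined with a non-zero `*out_len` wraps back into range, passes the test, and reaches `memcpy(out_data, data, recv_len - 2)` with a wrapped length. Rejecting the short response first and comparing without the addition would close this: `if(recv_len < 2 || *out_len > max_out || recv_len - 2 > max_out - *out_len) {`, keeping the same `res = YKPIV_SIZE_ERROR; goto Cleanup;` body. The body of ykpiv_transfer_data() starts and ends outside the hunk, so an earlier length check may already exist; confirm before changing.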