File pcsc-ccid-CVE-2010-4530.patch of Package pcsc-ccid
------------------------------------------------------------------------
r5381 | rousseau | 2010-11-05 22:42:16 +0000 (Fri, 05 Nov 2010) | 5 lines
ReadSerial(): avoids a possible integer overflow if the CCID frame is
corrupted or malign.
Thanks to Rafael Dominguez Vega for the bug report
r5382 | rousseau | 2010-11-05 22:49:01 +0000 (Fri, 05 Nov 2010) | 2 lines
ReadSerial(): further improve check from revision 5381
------------------------------------------------------------------------
Index: Drivers/ccid/src/ccid_serial.c
===================================================================
--- Drivers/ccid/src/ccid_serial.c (revision 5380)
+++ Drivers/ccid/src/ccid_serial.c (revision 5382)
@@ -310,6 +310,12 @@
/* total frame size */
to_read = 10+dw2i(buffer, 1);
+ if ((to_read < 10) || (to_read > (int)*length))
+ {
+ DEBUG_CRITICAL2("Wrong value for frame size: %d", to_read);
+ return STATUS_COMM_ERROR;
+ }
+
DEBUG_COMM2("frame size: %d", to_read);
if ((rv = get_bytes(reader_index, buffer+5, to_read-5)) != STATUS_SUCCESS)
return rv;
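Review bot: the lower-bound test `to_read < 10` in this hunk only rejects a huge dwLength field by relying on `10+dw2i(buffer, 1)` wrapping to a negative value, which is undefined behaviour if `dw2i()` yields a signed int; range-check the raw 32-bit length before the addition, e.g. `if (dw2i(buffer, 1) > *length - 10)` (with `*length >= 10` established first), so the overflow can never occur and the result is well-defined on every compiler. The upper bound against `(int)*length` is the right guard for the following `get_bytes(reader_index, buffer+5, to_read-5)` read, and the signed cast fails closed when `*length` exceeds `INT_MAX`, so that half of the check can stay as written.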