[pkg-opensc-commit] [SCM] OpenSC packaging branch, lenny, updated. fe4c488dbdccb1404162edeb6e1019e19d57f295
Eric Dorland
eric at debian.org
Tue May 31 07:29:10 UTC 2011
The following commit has been merged in the lenny branch:
commit fe4c488dbdccb1404162edeb6e1019e19d57f295
Author: Eric Dorland <eric at debian.org>
Date: Sat Feb 12 21:12:33 2011 -0500
Non-maintainer upload.
* Non-maintainer upload.
* CVE-2010-4523: Protect against buffer overflow from rogue cards
(closes: #607427)
diff --git a/debian/changelog b/debian/changelog
index be872fa..c4be3ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+opensc (0.11.4-5+lenny1.1) stable; urgency=high
+
+ * Non-maintainer upload.
+ * CVE-2010-4523: Protect against buffer overflow from rogue cards
+ (closes: #607427)
+
+ -- Jonathan Wiltshire <jmw at debian.org> Wed, 22 Dec 2010 15:32:16 +0000
+
opensc (0.11.4-5+lenny1) stable-security; urgency=critical
* src/pkcs15init/asepcos.profile, src/pkcs15init/cardos.profile,
diff --git a/src/libopensc/card-acos5.c b/src/libopensc/card-acos5.c
index 8e23918..236c1f1 100644
--- a/src/libopensc/card-acos5.c
+++ b/src/libopensc/card-acos5.c
@@ -140,8 +140,8 @@ static int acos5_get_serialnr(sc_card_t * card, sc_serial_number_t * serial)
/*
* Cache serial number.
*/
- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
- card->serialnr.len = apdu.resplen;
+ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
+ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
/*
* Copy and return serial number.
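Review bot: The bound on the new memcpy and on the length assignment is the constant SC_MAX_SERIALNR rather than the size of the destination, so the fix only holds while card->serialnr.value is declared with exactly that many bytes; `MIN(apdu.resplen, sizeof(card->serialnr.value))` would tie the bound to the field itself and survive a later change to the struct. Clamping also silently caches a clipped serial number when a card answers with more than SC_MAX_SERIALNR bytes; whether such an over-long response should instead be rejected, as the status-word check in the sibling hunks rejects a bad SW, is a policy choice that deserves a comment here, e.g. `/* clamp: a response longer than serialnr.value must never overrun it; the cached serial is truncated in that case */`. The same pattern is in the card-atrust-acos.c and card-starcos.c hunks of this commit. acos5_get_serialnr begins and continues outside this hunk.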
diff --git a/src/libopensc/card-atrust-acos.c b/src/libopensc/card-atrust-acos.c
index 6ee0554..89c2ce4 100644
--- a/src/libopensc/card-atrust-acos.c
+++ b/src/libopensc/card-atrust-acos.c
@@ -833,8 +833,8 @@ static int acos_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
return SC_ERROR_INTERNAL;
/* cache serial number */
- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
- card->serialnr.len = apdu.resplen;
+ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
+ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
/* copy and return serial number */
memcpy(serial, &card->serialnr, sizeof(*serial));
return SC_SUCCESS;
diff --git a/src/libopensc/card-starcos.c b/src/libopensc/card-starcos.c
index d87d699..8d79cb6 100644
--- a/src/libopensc/card-starcos.c
+++ b/src/libopensc/card-starcos.c
@@ -1289,8 +1289,8 @@ static int starcos_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
return SC_ERROR_INTERNAL;
/* cache serial number */
- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
- card->serialnr.len = apdu.resplen;
+ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
+ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
/* copy and return serial number */
memcpy(serial, &card->serialnr, sizeof(*serial));
return SC_SUCCESS;
diff --git a/src/libopensc/internal.h b/src/libopensc/internal.h
index 2ab2993..a847b6e 100644
--- a/src/libopensc/internal.h
+++ b/src/libopensc/internal.h
@@ -47,6 +47,13 @@ extern "C" {
#define sleep(t) Sleep((t) * 1000)
#endif
+#ifndef MAX
+#define MAX(x, y) (((x) > (y)) ? (x) : (y))
+#endif
+#ifndef MIN
+#define MIN(x, y) (((x) < (y)) ? (x) : (y))
+#endif
+
struct sc_atr_table {
/* The atr fields are required to
* be in aa:bb:cc hex format. */
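Review bot: The MIN and MAX macros moved into internal.h carry no comment, and both evaluate each argument twice, so a caller passing an expression with side effects (a post-increment, a function call) gets it evaluated twice; the call sites in this commit pass plain lvalues and a constant, so they are fine, but this header is now the one shared definition. A one-line comment above the two definitions would prevent that misuse: `/* MIN/MAX evaluate both arguments twice: pass only side-effect-free expressions */`. The `#ifndef` guards also mean that a MIN or MAX already defined by an earlier system header silently takes precedence, which is worth stating in the same comment so nobody assumes these exact expansions.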
diff --git a/src/libopensc/muscle.c b/src/libopensc/muscle.c
index b4b4693..73a55bb 100644
--- a/src/libopensc/muscle.c
+++ b/src/libopensc/muscle.c
@@ -28,13 +28,6 @@
#define MSC_DSA_PUBLIC 0x04
#define MSC_DSA_PRIVATE 0x05
-#ifndef MAX
-#define MAX(x, y) (((x) > (y)) ? (x) : (y))
-#endif
-#ifndef MIN
-#define MIN(x, y) (((x) < (y)) ? (x) : (y))
-#endif
-
static msc_id inputId = { { 0xFF, 0xFF, 0xFF, 0xFF } };
static msc_id outputId = { { 0xFF, 0xFF, 0xFF, 0xFE } };