[pkg-opensc-commit] [SCM] OpenSC packaging branch, lenny, updated. fe4c488dbdccb1404162edeb6e1019e19d57f295

Eric Dorland eric at debian.org
Tue May 31 07:29:10 UTC 2011


The following commit has been merged in the lenny branch:
commit fe4c488dbdccb1404162edeb6e1019e19d57f295
Author: Eric Dorland <eric at debian.org>
Date:   Sat Feb 12 21:12:33 2011 -0500

    Non-maintainer upload.
    
    * Non-maintainer upload.
    * CVE-2010-4523: Protect against buffer overflow from rogue cards
      (closes: #607427)

diff --git a/debian/changelog b/debian/changelog
index be872fa..c4be3ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+opensc (0.11.4-5+lenny1.1) stable; urgency=high
+
+  * Non-maintainer upload.
+  * CVE-2010-4523: Protect against buffer overflow from rogue cards 
+    (closes: #607427)
+
+ -- Jonathan Wiltshire <jmw at debian.org>  Wed, 22 Dec 2010 15:32:16 +0000
+
 opensc (0.11.4-5+lenny1) stable-security; urgency=critical
 
   * src/pkcs15init/asepcos.profile, src/pkcs15init/cardos.profile,
diff --git a/src/libopensc/card-acos5.c b/src/libopensc/card-acos5.c
index 8e23918..236c1f1 100644
--- a/src/libopensc/card-acos5.c
+++ b/src/libopensc/card-acos5.c
@@ -140,8 +140,8 @@ static int acos5_get_serialnr(sc_card_t * card, sc_serial_number_t * serial)
 	/*
 	 * Cache serial number.
 	 */
-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
-	card->serialnr.len = apdu.resplen;
+	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
+	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
 
 	/*
 	 * Copy and return serial number.
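Review bot: The clamp at the `memcpy` into `card->serialnr.value` silently truncates an over-long response, so a card that returns more than `SC_MAX_SERIALNR` bytes gets a shortened serial cached and handed back as if it were valid. Rejecting the response before the copy would be safer, e.g. `if (apdu.resplen > sizeof(card->serialnr.value)) return SC_ERROR_INTERNAL;`, which also ties the bound to the destination buffer itself rather than to a constant that is presumably its size. The same applies to the identical two-line change in `acos_get_serialnr` (card-atrust-acos.c) and `starcos_get_serialnr` (card-starcos.c). The body of `acos5_get_serialnr` starts and ends outside this hunk, so any earlier length or status-word check is not visible here.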
diff --git a/src/libopensc/card-atrust-acos.c b/src/libopensc/card-atrust-acos.c
index 6ee0554..89c2ce4 100644
--- a/src/libopensc/card-atrust-acos.c
+++ b/src/libopensc/card-atrust-acos.c
@@ -833,8 +833,8 @@ static int acos_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
 	if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
 		return SC_ERROR_INTERNAL;
 	/* cache serial number */
-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
-	card->serialnr.len = apdu.resplen;
+	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
+	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
 	/* copy and return serial number */
 	memcpy(serial, &card->serialnr, sizeof(*serial));
 	return SC_SUCCESS;
diff --git a/src/libopensc/card-starcos.c b/src/libopensc/card-starcos.c
index d87d699..8d79cb6 100644
--- a/src/libopensc/card-starcos.c
+++ b/src/libopensc/card-starcos.c
@@ -1289,8 +1289,8 @@ static int starcos_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
 	if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
 		return SC_ERROR_INTERNAL;
 	/* cache serial number */
-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
-	card->serialnr.len = apdu.resplen;
+	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
+	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
 	/* copy and return serial number */
 	memcpy(serial, &card->serialnr, sizeof(*serial));
 	return SC_SUCCESS;
diff --git a/src/libopensc/internal.h b/src/libopensc/internal.h
index 2ab2993..a847b6e 100644
--- a/src/libopensc/internal.h
+++ b/src/libopensc/internal.h
@@ -47,6 +47,13 @@ extern "C" {
 #define sleep(t)	Sleep((t) * 1000)
 #endif
 
+#ifndef MAX
+#define MAX(x, y) (((x) > (y)) ? (x) : (y))
+#endif
+#ifndef MIN
+#define MIN(x, y) (((x) < (y)) ? (x) : (y))
+#endif
+
 struct sc_atr_table {
 	/* The atr fields are required to
 	 * be in aa:bb:cc hex format. */
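Review bot: `MIN` and `MAX` evaluate each argument twice, and defining them in internal.h presumably exposes them to every libopensc source that includes it, so a call with a side-effecting argument would misbehave quietly. A short comment above the definitions would document that, e.g. `/* MIN/MAX evaluate their arguments twice; pass only side-effect-free expressions. */`. Because of the `#ifndef` guards, a `MIN` already defined by a system header takes precedence over this one, which is worth a mention in the same comment. The hunk ends inside `struct sc_atr_table`, which continues outside it.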
diff --git a/src/libopensc/muscle.c b/src/libopensc/muscle.c
index b4b4693..73a55bb 100644
--- a/src/libopensc/muscle.c
+++ b/src/libopensc/muscle.c
@@ -28,13 +28,6 @@
 #define MSC_DSA_PUBLIC		0x04
 #define MSC_DSA_PRIVATE 	0x05
 
-#ifndef MAX
-#define MAX(x, y) (((x) > (y)) ? (x) : (y))
-#endif
-#ifndef MIN
-#define MIN(x, y) (((x) < (y)) ? (x) : (y))
-#endif
-
 static msc_id inputId = { { 0xFF, 0xFF, 0xFF, 0xFF } };
 static msc_id outputId = { { 0xFF, 0xFF, 0xFF, 0xFE } };
 

-- 
OpenSC packaging


