Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1:Test
pcsc-ccid
pcsc-ccid-CVE-2010-4530.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File pcsc-ccid-CVE-2010-4530.patch of Package pcsc-ccid
------------------------------------------------------------------------ r5381 | rousseau | 2010-11-05 22:42:16 +0000 (Fri, 05 Nov 2010) | 5 lines ReadSerial(): avoids a possible integer overflow if the CCID frame is corrupted or malign. Thanks to Rafael Dominguez Vega for the bug report r5382 | rousseau | 2010-11-05 22:49:01 +0000 (Fri, 05 Nov 2010) | 2 lines ReadSerial(): further improve check from revision 5381 ------------------------------------------------------------------------ Index: Drivers/ccid/src/ccid_serial.c =================================================================== --- Drivers/ccid/src/ccid_serial.c (revision 5380) +++ Drivers/ccid/src/ccid_serial.c (revision 5382) @@ -310,6 +310,12 @@ /* total frame size */ to_read = 10+dw2i(buffer, 1); + if ((to_read < 10) || (to_read > (int)*length)) + { + DEBUG_CRITICAL2("Wrong value for frame size: %d", to_read); + return STATUS_COMM_ERROR; + } + DEBUG_COMM2("frame size: %d", to_read); if ((rv = get_bytes(reader_index, buffer+5, to_read-5)) != STATUS_SUCCESS) return rv;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor