[opensc/el5/master] - fix buffer overflow on rogue card serial numbers
Tomáš Mráz
tmraz at fedoraproject.org
Tue Dec 21 20:30:14 UTC 2010
commit d65ffb9ccd2231f2c058f8dc00a3fe842c2cbe0d
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Tue Dec 21 21:30:04 2010 +0100
- fix buffer overflow on rogue card serial numbers
opensc-0.11.13-serial-overflow.patch | 71 ++++++++++++++++++++++++++++++++++
opensc.spec | 12 +++++-
2 files changed, 82 insertions(+), 1 deletions(-)
---
diff --git a/opensc-0.11.13-serial-overflow.patch b/opensc-0.11.13-serial-overflow.patch
new file mode 100644
index 0000000..6d492e5
--- /dev/null
+++ b/opensc-0.11.13-serial-overflow.patch
@@ -0,0 +1,71 @@
+Index: /trunk/src/libopensc/muscle.c
+===================================================================
+--- /trunk/src/libopensc/muscle.c (revision 4350)
++++ /trunk/src/libopensc/muscle.c (revision 4912)
+@@ -31,11 +31,4 @@
+ #define MSC_DSA_PUBLIC 0x04
+ #define MSC_DSA_PRIVATE 0x05
+-
+-#ifndef MAX
+-#define MAX(x, y) (((x) > (y)) ? (x) : (y))
+-#endif
+-#ifndef MIN
+-#define MIN(x, y) (((x) < (y)) ? (x) : (y))
+-#endif
+
+ static msc_id inputId = { { 0xFF, 0xFF, 0xFF, 0xFF } };
+Index: /trunk/src/libopensc/internal.h
+===================================================================
+--- /trunk/src/libopensc/internal.h (revision 4902)
++++ /trunk/src/libopensc/internal.h (revision 4912)
+@@ -48,4 +48,11 @@
+ #define msleep(t) Sleep(t)
+ #define sleep(t) Sleep((t) * 1000)
++#endif
++
++#ifndef MAX
++#define MAX(x, y) (((x) > (y)) ? (x) : (y))
++#endif
++#ifndef MIN
++#define MIN(x, y) (((x) < (y)) ? (x) : (y))
+ #endif
+
+Index: /trunk/src/libopensc/card-atrust-acos.c
+===================================================================
+--- /trunk/src/libopensc/card-atrust-acos.c (revision 4706)
++++ /trunk/src/libopensc/card-atrust-acos.c (revision 4913)
+@@ -843,6 +843,6 @@
+ return SC_ERROR_INTERNAL;
+ /* cache serial number */
+- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+- card->serialnr.len = apdu.resplen;
++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ /* copy and return serial number */
+ memcpy(serial, &card->serialnr, sizeof(*serial));
+Index: /trunk/src/libopensc/card-starcos.c
+===================================================================
+--- /trunk/src/libopensc/card-starcos.c (revision 4706)
++++ /trunk/src/libopensc/card-starcos.c (revision 4913)
+@@ -1280,6 +1280,6 @@
+ return SC_ERROR_INTERNAL;
+ /* cache serial number */
+- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+- card->serialnr.len = apdu.resplen;
++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ /* copy and return serial number */
+ memcpy(serial, &card->serialnr, sizeof(*serial));
+Index: /trunk/src/libopensc/card-acos5.c
+===================================================================
+--- /trunk/src/libopensc/card-acos5.c (revision 4118)
++++ /trunk/src/libopensc/card-acos5.c (revision 4913)
+@@ -139,6 +139,6 @@
+ * Cache serial number.
+ */
+- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+- card->serialnr.len = apdu.resplen;
++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+
+ /*
diff --git a/opensc.spec b/opensc.spec
index 53a4b83..ee8a367 100644
--- a/opensc.spec
+++ b/opensc.spec
@@ -2,7 +2,7 @@
Name: opensc
Version: 0.11.13
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: Smart card library and applications
Group: System Environment/Libraries
@@ -13,11 +13,14 @@ Patch1: %{name}-0.11.7-develconfig.patch
Patch2: %{name}-0.11.12-no-add-needed.patch
Patch3: opensc-0.11.13-libassuan1.patch
Patch4: opensc-0.11.13-build-readerstate.patch
+Patch5: opensc-0.11.13-serial-overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: pcsc-lite-devel
BuildRequires: readline-devel
+%if 0%{?fedora} || 0%{?rhel} > 5
BuildRequires: openct-devel
+%endif
BuildRequires: openssl-devel
BuildRequires: libtool-ltdl-devel
BuildRequires: libtool
@@ -62,6 +65,8 @@ OpenSC development files.
%setup -q
%patch1 -p1 -b .config
%patch2 -p1 -b .no-add-needed
+%patch5 -p2 -b .overflow
+
sed -i -e 's|"/lib /usr/lib\b|"/%{_lib} %{_libdir}|' configure # lib64 rpaths
cp -p src/pkcs15init/README ./README.pkcs15init
cp -p src/scconf/README.scconf .
@@ -81,7 +86,9 @@ rm -f m4/libassuan.m4
%configure --disable-static \
--enable-nsplugin \
--enable-pcsc \
+%if 0%{?fedora} || 0%{?rhel} > 5
--enable-openct \
+%endif
--enable-doc \
--with-pcsc-provider=libpcsclite.so.1 \
--with-plugindir=%{plugindir} \
@@ -171,6 +178,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Tue Dec 21 2010 Tomas Mraz <tmraz at redhat.com> - 0.11.13-6
+- fix buffer overflow on rogue card serial numbers
+
* Tue Oct 19 2010 Tomas Mraz <tmraz at redhat.com> - 0.11.13-5
- own the _libdir/pkcs11 subdirectory (#644527)
More information about the scm-commits
mailing list