rpms/pcsc-lite/F-12 pcsc-lite-CVE-2010-0407.patch, 1.1, 1.2 pcsc-lite.spec, 1.23, 1.24
Kalev Lember
kalev at fedoraproject.org
Sun Jul 4 14:30:40 UTC 2010
Author: kalev
Update of /cvs/pkgs/rpms/pcsc-lite/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv16388
Modified Files:
pcsc-lite-CVE-2010-0407.patch pcsc-lite.spec
Log Message:
Fix up incorrect checks in CVE-2010-0407.patch (#596426)
pcsc-lite-CVE-2010-0407.patch:
winscard_svc.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
Index: pcsc-lite-CVE-2010-0407.patch
===================================================================
RCS file: /cvs/pkgs/rpms/pcsc-lite/F-12/pcsc-lite-CVE-2010-0407.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- pcsc-lite-CVE-2010-0407.patch 15 Jun 2010 19:07:57 -0000 1.1
+++ pcsc-lite-CVE-2010-0407.patch 4 Jul 2010 14:30:39 -0000 1.2
@@ -36,7 +36,7 @@ diff -ru pcsc-lite-1.4.102.orig//src/win
if (rv != 0) return rv;
+ /* avoids buffer overflow */
-+ if ((ctStr->cbRecvLength > sizeof(ctStr->cbRecvLength))
++ if ((ctStr->cbRecvLength > sizeof(ctStr->pbRecvBuffer))
+ || (ctStr->cbSendLength > sizeof(ctStr->pbSendBuffer)))
+ {
+ ctStr->rv = SCARD_E_INSUFFICIENT_BUFFER;
@@ -66,7 +66,7 @@ diff -ru pcsc-lite-1.4.102.orig//src/win
if (rv != 0) return rv;
+
+ /* avoids buffer overflow */
-+ if (gsStr->cbAttrLen <= sizeof(gsStr->pbAttr))
++ if (gsStr->cbAttrLen > sizeof(gsStr->pbAttr))
+ {
+ gsStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
+ break;
Index: pcsc-lite.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pcsc-lite/F-12/pcsc-lite.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -p -r1.23 -r1.24
--- pcsc-lite.spec 15 Jun 2010 19:07:57 -0000 1.23
+++ pcsc-lite.spec 4 Jul 2010 14:30:40 -0000 1.24
@@ -1,6 +1,6 @@
Name: pcsc-lite
Version: 1.5.2
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: PC/SC Lite smart card framework and applications
%define upstream_build 2795
@@ -154,6 +154,9 @@ fi
%changelog
+* Sun Jul 04 2010 Kalev Lember <kalev at smartlink.ee> - 1.5.2-5
+- Fix up incorrect checks in CVE-2010-0407.patch (#596426)
+
* Tue Jun 15 2010 Kalev Lember <kalev at smartlink.ee> - 1.5.2-4
- Patch for CVE-2010-0407
More information about the scm-commits
mailing list