[ccid/f13/master] Fixed an integer overflow in card serial number processing code (CVE-2010-4530)

Kalev Lember kalev at fedoraproject.org
Wed Jan 5 10:45:44 UTC 2011


commit 78e59ddf4a8b119fc800e8730fe0228ce0a7f5c0
Author: Kalev Lember <kalev at smartlink.ee>
Date:   Wed Jan 5 12:36:22 2011 +0200

    Fixed an integer overflow in card serial number processing code (CVE-2010-4530)
    
    http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf

 ccid-CVE-2010-4530.patch |   17 +++++++++++++++++
 ccid.spec                |    7 ++++++-
 2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/ccid-CVE-2010-4530.patch b/ccid-CVE-2010-4530.patch
new file mode 100644
index 0000000..aabab98
--- /dev/null
+++ b/ccid-CVE-2010-4530.patch
@@ -0,0 +1,17 @@
+Index: src/ccid_serial.c
+===================================================================
+--- src/ccid_serial.c	(revision 5380)
++++ src/ccid_serial.c	(revision 5382)
+@@ -310,6 +310,12 @@
+ 	/* total frame size */
+ 	to_read = 10+dw2i(buffer, 1);
+ 
++	if ((to_read < 10) || (to_read > (int)*length))
++	{
++		DEBUG_CRITICAL2("Wrong value for frame size: %d", to_read);
++		return STATUS_COMM_ERROR;
++	}
++
+ 	DEBUG_COMM2("frame size: %d", to_read);
+ 	if ((rv = get_bytes(reader_index, buffer+5, to_read-5)) != STATUS_SUCCESS)
+ 		return rv;
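Review bot: The added check `if ((to_read < 10) || (to_read > (int)*length))` runs only after `10+dw2i(buffer, 1)` has been computed, so it relies on an oversized reader-supplied length field wrapping to a value the check rejects. Whether that wrap is well-defined depends on the types of `dw2i` and `to_read`, which this hunk does not show. Validating the field before the addition removes that dependence, for example `if (*length < 10 || dw2i(buffer, 1) > *length - 10) return STATUS_COMM_ERROR;` ahead of the assignment; this assumes `*length` is an unsigned buffer capacity, which should be confirmed against the function signature. A comment such as `/* frame length comes from the reader and is untrusted; bound it by the caller's buffer */` above the check would record why it exists. The enclosing function begins and ends outside the hunk.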
diff --git a/ccid.spec b/ccid.spec
index 3465610..4731076 100644
--- a/ccid.spec
+++ b/ccid.spec
@@ -5,13 +5,14 @@
 
 Name:           ccid
 Version:        1.3.11
-Release:        1%{dist}
+Release:        2%{dist}
 Summary:        Generic USB CCID smart card reader driver
 
 Group:          System Environment/Libraries
 License:        LGPLv2+
 URL:            http://pcsclite.alioth.debian.org/ccid.html
 Source0:        http://alioth.debian.org/download.php/%{upstream_build}/%{name}-%{version}.tar.bz2
+Patch0:         ccid-CVE-2010-4530.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  libusb-devel >= %{libusb_ver}
@@ -31,6 +32,7 @@ Generic USB CCID (Chip/Smart Card Interface Devices) driver.
 
 %prep
 %setup -q
+%patch0 -p0 -b .CVE-2010-4530
 
 
 %build
@@ -75,6 +77,9 @@ exit 0
 
 
 %changelog
+* Wed Jan 05 2011 Kalev Lember <kalev at smartlink.ee> - 1.3.11-2
+- Fixed an integer overflow in card serial number processing code (CVE-2010-4530)
+
 * Wed Nov 19 2009 Kalev Lember <kalev at smartlink.ee> - 1.3.11-1
 - Updated to ccid 1.3.11
 - Removed iso-8859-1 to utf-8 conversion as the files are in utf-8 now

