[ccid/f13/master] Fixed an integer overflow in card serial number processing code (CVE-2010-4530)
Kalev Lember
kalev at fedoraproject.org
Wed Jan 5 10:45:44 UTC 2011
commit 78e59ddf4a8b119fc800e8730fe0228ce0a7f5c0
Author: Kalev Lember <kalev at smartlink.ee>
Date: Wed Jan 5 12:36:22 2011 +0200
Fixed an integer overflow in card serial number processing code (CVE-2010-4530)
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
ccid-CVE-2010-4530.patch | 17 +++++++++++++++++
ccid.spec | 7 ++++++-
2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/ccid-CVE-2010-4530.patch b/ccid-CVE-2010-4530.patch
new file mode 100644
index 0000000..aabab98
--- /dev/null
+++ b/ccid-CVE-2010-4530.patch
@@ -0,0 +1,17 @@
+Index: src/ccid_serial.c
+===================================================================
+--- src/ccid_serial.c (revision 5380)
++++ src/ccid_serial.c (revision 5382)
+@@ -310,6 +310,12 @@
+ /* total frame size */
+ to_read = 10+dw2i(buffer, 1);
+
++ if ((to_read < 10) || (to_read > (int)*length))
++ {
++ DEBUG_CRITICAL2("Wrong value for frame size: %d", to_read);
++ return STATUS_COMM_ERROR;
++ }
++
+ DEBUG_COMM2("frame size: %d", to_read);
+ if ((rv = get_bytes(reader_index, buffer+5, to_read-5)) != STATUS_SUCCESS)
+ return rv;
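Review bot: In the added check in src/ccid_serial.c, `to_read < 10` is evaluated only after `to_read = 10+dw2i(buffer, 1);` has been computed, so it detects the overflow after it has happened. If `to_read` is a signed int, as the `%d` format and the `(int)` cast suggest, an overflow in that addition is undefined behaviour in C, and a compiler may assume the `to_read < 10` case cannot occur. Suggest validating the length field taken from the reader before adding the 10-byte header: check that `*length >= 10`, then reject the frame when `dw2i(buffer, 1)` exceeds `*length - 10`. Doing that comparison in unsigned arithmetic also removes the need for the `(int)*length` cast, which would turn a very large `*length` into a negative bound.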
diff --git a/ccid.spec b/ccid.spec
index 3465610..4731076 100644
--- a/ccid.spec
+++ b/ccid.spec
@@ -5,13 +5,14 @@
Name: ccid
Version: 1.3.11
-Release: 1%{dist}
+Release: 2%{dist}
Summary: Generic USB CCID smart card reader driver
Group: System Environment/Libraries
License: LGPLv2+
URL: http://pcsclite.alioth.debian.org/ccid.html
Source0: http://alioth.debian.org/download.php/%{upstream_build}/%{name}-%{version}.tar.bz2
+Patch0: ccid-CVE-2010-4530.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libusb-devel >= %{libusb_ver}
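Review bot: The new `Patch0: ccid-CVE-2010-4530.patch` line in ccid.spec has no comment saying where the patch comes from or what its upstream status is. The patch header shows it is the change to src/ccid_serial.c from revision 5380 to revision 5382, so a one-line comment above `Patch0:` recording that, plus the advisory URL from the commit message, would tell the next maintainer that the patch can be dropped once the package is rebased onto a release that includes that revision.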
@@ -31,6 +32,7 @@ Generic USB CCID (Chip/Smart Card Interface Devices) driver.
%prep
%setup -q
+%patch0 -p0 -b .CVE-2010-4530
%build
@@ -75,6 +77,9 @@ exit 0
%changelog
+* Wed Jan 05 2011 Kalev Lember <kalev at smartlink.ee> - 1.3.11-2
+- Fixed an integer overflow in card serial number processing code (CVE-2010-4530)
+
* Wed Nov 19 2009 Kalev Lember <kalev at smartlink.ee> - 1.3.11-1
- Updated to ccid 1.3.11
- Removed iso-8859-1 to utf-8 conversion as the files are in utf-8 now