From 94f3619b2efbb852c4fc0cb42b20755bc7bf380b Mon Sep 17 00:00:00 2001
From: Ludovic Rousseau <ludovic.rousseau@free.fr>
Date: Sat, 8 Aug 2020 16:45:17 +0200
Subject: [PATCH 5/6] PPS_Match: fix potential read of uninitialized buffer
Thanks to Maksim Ivanov for the bug report
"[Pcsclite-muscle] Insufficient checks in CCID"
http://lists.infradead.org/pipermail/pcsclite-muscle/2020-August/001098.html
" Hello,
The CCID free software driver is missing a few checks and graceful
handling of some error cases:
7. Read of uninitialized buffer in PPS_Match() at
https://salsa.debian.org/rousseau/CCID/-/blob/4d5cbf703c268b31c734931166c52dcb9920c0fe/src/towitoko/pps.c#L101
- in case |len_confirm| is unexpectedly small. "
---
src/towitoko/pps.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/towitoko/pps.c b/src/towitoko/pps.c
index d3b9bda..82b5915 100644
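--- a/src/towitoko/pps.c
+++ b/src/towitoko/pps.c
@@ -98,7 +98,9 @@ PPS_Match (BYTE * request, unsigned len_request, BYTE * confirm, unsigned len_co
 return FALSE;
 
 /* See if the card specifies other than default FI and D */
- if ((PPS_HAS_PPS1 (confirm)) && (confirm[2] != request[2]))
+ if ((PPS_HAS_PPS1 (confirm))
+ && (len_confirm > 2)
+ && (confirm[2] != request[2]))
 return FALSE;
 
 return TRUE;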
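Review bot: When the PPS1-present bit is set in `confirm` but `len_confirm <= 2`, the new condition evaluates to false and control falls through to `return TRUE`, so a truncated confirmation is treated as a match instead of being rejected. Failing closed looks safer: `if (PPS_HAS_PPS1 (confirm) && ((len_confirm <= 2) || (confirm[2] != request[2])))` followed by `return FALSE;`. `PPS_HAS_PPS1 (confirm)` is also evaluated before any length test in this hunk and presumably reads the PPS0 byte, and `request[2]` is read without a visible `len_request` check. The start of `PPS_Match` is outside the hunk, so confirm that earlier code guarantees both lengths, or add the guard here.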
--
1.8.3.1