cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d443de5cb5
openbsd-ports/security/opensc/patches/patch-src_libopensc_card-starcos_c
jasper 8ef92e8abc SECURITY FIX for SA42658, 
OpenSC Serial Number Processing Buffer Overflow Vulnerabilities.

patches from upstream svn
ok maintainer
2010-12-27 15:30:11 +00:00

22 lines
897 B
Plaintext
Raw Blame History

$OpenBSD: patch-src_libopensc_card-starcos_c,v 1.1 2010/12/27 15:30:11 jasper Exp $
Security fix for SA42658
OpenSC Serial Number Processing Buffer Overflow Vulnerabilities.
Patch from upstream svn:
https://www.opensc-project.org/opensc/changeset/4913
--- src/libopensc/card-starcos.c.orig Mon Dec 27 13:05:41 2010
+++ src/libopensc/card-starcos.c Mon Dec 27 13:06:02 2010
@@ -1289,8 +1289,8 @@ static int starcos_get_serialnr(sc_card_t *card, sc_se
if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
return SC_ERROR_INTERNAL;
/* cache serial number */
- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
- card->serialnr.len = apdu.resplen;
+ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
+ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
/* copy and return serial number */
memcpy(serial, &card->serialnr, sizeof(*serial));
return SC_SUCCESS;
Reference in New Issue View Git Blame Copy Permalink