cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e9e2cc597c
openbsd-ports/security/opensc/patches/patch-src_libopensc_card-acos5_c
jasper 8ef92e8abc SECURITY FIX for SA42658, 
OpenSC Serial Number Processing Buffer Overflow Vulnerabilities.

patches from upstream svn
ok maintainer
2010-12-27 15:30:11 +00:00

22 lines
757 B
Plaintext
Raw Blame History

$OpenBSD: patch-src_libopensc_card-acos5_c,v 1.1 2010/12/27 15:30:11 jasper Exp $
Security fix for SA42658
OpenSC Serial Number Processing Buffer Overflow Vulnerabilities.
Patch from upstream svn:
https://www.opensc-project.org/opensc/changeset/4913
--- src/libopensc/card-acos5.c.orig Mon Dec 27 13:06:14 2010
+++ src/libopensc/card-acos5.c Mon Dec 27 13:06:27 2010
@@ -140,8 +140,8 @@ static int acos5_get_serialnr(sc_card_t * card, sc_ser
/*
* Cache serial number.
*/
- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
- card->serialnr.len = apdu.resplen;
+ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
+ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
/*
* Copy and return serial number.
Reference in New Issue View Git Blame Copy Permalink