projects / sdk / emulator / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 172ce2c) | patch
ccid: Fix buffer overrun in handling of VSC_ATR message
authorMarkus Armbruster <armbru@redhat.com>
Mon, 28 Nov 2011 19:27:37 +0000 (20:27 +0100)
committerAnthony Liguori <aliguori@us.ibm.com>
Mon, 28 Nov 2011 22:20:53 +0000 (16:20 -0600)
commit660dc2f6017e9c3097d220780e1916c2c4e513d3
tree2e5ccd7d2f972ddb3cde2a977ab592f2a02f1f3etree | snapshot
parent172ce2c12dcb70723edfbb793ec54776497fb7b2commit | diff
ccid: Fix buffer overrun in handling of VSC_ATR message

ATR size exceeding the limit is diagnosed, but then we merrily use it
anyway, overrunning card->atr[].

The message is read from a character device.  Obvious security
implications unless the other end of the character device is trusted.

Spotted by Coverity.  CVE-2011-4111.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
hw/ccid-card-passthru.c diff | blob | history
Domain: SDK / Emulator;