| commit | 7e62255a4b3e0e2ab84a3ec7398640e8ed58620a | |
| author | Markus Armbruster <armbru@redhat.com> | |
| Mon, 28 Nov 2011 19:27:37 +0000 (28 20:27 +0100) | ||
| committer | Anthony Liguori <aliguori@us.ibm.com> | |
| Mon, 28 Nov 2011 22:20:53 +0000 (28 16:20 -0600) | ||
| tree | 2e5ccd7d2f972ddb3cde2a977ab592f2a02f1f3e | treesnapshot (tar.gz zip) |
| parent | aea317aaa5d92ee8789f976ccf105be67d956f5e | commitdiff |
ccid: Fix buffer overrun in handling of VSC_ATR message
ATR size exceeding the limit is diagnosed, but then we merrily use it
anyway, overrunning card->atr[].
The message is read from a character device. Obvious security
implications unless the other end of the character device is trusted.
Spotted by Coverity. CVE-2011-4111.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
ATR size exceeding the limit is diagnosed, but then we merrily use it
anyway, overrunning card->atr[].
The message is read from a character device. Obvious security
implications unless the other end of the character device is trusted.
Spotted by Coverity. CVE-2011-4111.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
| hw/ccid-card-passthru.c | diffblobblamehistory |