]> git.proxmox.com Git - qemu.git/commit
projects / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: aea317a) | patch
ccid: Fix buffer overrun in handling of VSC_ATR message
authorMarkus Armbruster <armbru@redhat.com>
Mon, 28 Nov 2011 19:27:37 +0000 (20:27 +0100)
committerAnthony Liguori <aliguori@us.ibm.com>
Mon, 28 Nov 2011 22:20:53 +0000 (16:20 -0600)
commit7e62255a4b3e0e2ab84a3ec7398640e8ed58620a
tree2e5ccd7d2f972ddb3cde2a977ab592f2a02f1f3etree
parentaea317aaa5d92ee8789f976ccf105be67d956f5ecommit | diff
ccid: Fix buffer overrun in handling of VSC_ATR message

ATR size exceeding the limit is diagnosed, but then we merrily use it
anyway, overrunning card->atr[].

The message is read from a character device.  Obvious security
implications unless the other end of the character device is trusted.

Spotted by Coverity.  CVE-2011-4111.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
hw/ccid-card-passthru.c diff | blob | blame | history
Qemu copy for testing