Dear maintainer,

I've prepared an NMU for opensc (versioned as 0.11.13-1.1) and
uploaded it immediately, given the security concern and urgency.

The diff is attached to this message. I have subscribed to the
package in the PTS in case of problems or any further action
required, but please don't hesitate to mail me.

Regards.

-- 
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
diff -Nru opensc-0.11.13/debian/changelog opensc-0.11.13/debian/changelog
--- opensc-0.11.13/debian/changelog	2010-03-01 05:58:15.000000000 +0000
+++ opensc-0.11.13/debian/changelog	2010-12-22 14:21:46.000000000 +0000
@@ -1,3 +1,11 @@
+opensc (0.11.13-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * CVE-2010-4523: Protect against buffer overflow from rogue cards 
+    (closes: #607427)
+
+ -- Jonathan Wiltshire <j...@debian.org>  Wed, 22 Dec 2010 14:20:22 +0000
+
 opensc (0.11.13-1) unstable; urgency=low
 
   * New upstream release. (Closes: #570107, #505404)
diff -Nru opensc-0.11.13/debian/patches/CVE-2010-4523 opensc-0.11.13/debian/patches/CVE-2010-4523
--- opensc-0.11.13/debian/patches/CVE-2010-4523	1970-01-01 01:00:00.000000000 +0100
+++ opensc-0.11.13/debian/patches/CVE-2010-4523	2010-12-22 14:20:00.000000000 +0000
@@ -0,0 +1,46 @@
+Description: protect against possible buffer overflows from rogue cards
+ (CVE-2010-4523)
+Origin: https://www.opensc-project.org/opensc/changeset/4913
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427
+Forwarded: not-needed
+Last-Update: 2010-12-22
+
+--- opensc-0.11.13.orig/src/libopensc/card-acos5.c
++++ opensc-0.11.13/src/libopensc/card-acos5.c
+@@ -140,8 +140,8 @@
+ 	/*
+ 	 * Cache serial number.
+ 	 */
+-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+-	card->serialnr.len = apdu.resplen;
++	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ 
+ 	/*
+ 	 * Copy and return serial number.
+--- opensc-0.11.13.orig/src/libopensc/card-atrust-acos.c
++++ opensc-0.11.13/src/libopensc/card-atrust-acos.c
+@@ -853,8 +853,8 @@
+ 	if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
+ 		return SC_ERROR_INTERNAL;
+ 	/* cache serial number */
+-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+-	card->serialnr.len = apdu.resplen;
++	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ 	/* copy and return serial number */
+ 	memcpy(serial, &card->serialnr, sizeof(*serial));
+ 	return SC_SUCCESS;
+--- opensc-0.11.13.orig/src/libopensc/card-starcos.c
++++ opensc-0.11.13/src/libopensc/card-starcos.c
+@@ -1289,8 +1289,8 @@
+ 	if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
+ 		return SC_ERROR_INTERNAL;
+ 	/* cache serial number */
+-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+-	card->serialnr.len = apdu.resplen;
++	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ 	/* copy and return serial number */
+ 	memcpy(serial, &card->serialnr, sizeof(*serial));
+ 	return SC_SUCCESS;
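Review bot: Clamping with `MIN(apdu.resplen, SC_MAX_SERIALNR)` closes the overflow but silently accepts an over-long response as a truncated serial number, so a card answering with more than SC_MAX_SERIALNR bytes is cached and returned to callers as a valid, shorter serial rather than being rejected. For data that identifies the card, a length that exceeds the buffer is itself a protocol violation and is better treated as an error, e.g. `if (apdu.resplen > SC_MAX_SERIALNR) return SC_ERROR_INTERNAL;` (the code already used for a bad status word in the atrust-acos and starcos hunks) placed before the memcpy, keeping the MIN as belt-and-braces. In the card-acos5.c hunk the enclosing function starts above the hunk and no sw1/sw2 status check is visible in the shown context, so whether the response was validated before this copy cannot be confirmed from here. Both MIN arguments are plain lvalues, so the macro's double evaluation is harmless in these three call sites.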
diff -Nru opensc-0.11.13/debian/patches/min-max-macros opensc-0.11.13/debian/patches/min-max-macros
--- opensc-0.11.13/debian/patches/min-max-macros	1970-01-01 01:00:00.000000000 +0100
+++ opensc-0.11.13/debian/patches/min-max-macros	2010-12-22 14:40:49.000000000 +0000
@@ -0,0 +1,38 @@
+Description: move MIN/MAX macros from muscle.c to internal.h (needed for
+ patch CVE-2010-4523)
+Origin: https://www.opensc-project.org/opensc/changeset/4912
+Forwarded: not-needed
+Last-Update: 2010-12-22
+
+--- opensc-0.11.13.orig/src/libopensc/internal.h
++++ opensc-0.11.13/src/libopensc/internal.h
+@@ -50,6 +50,13 @@
+ #define sleep(t)	Sleep((t) * 1000)
+ #endif
+ 
++#ifndef MAX
++#define MAX(x, y) (((x) > (y)) ? (x) : (y))
++#endif
++#ifndef MIN
++#define MIN(x, y) (((x) < (y)) ? (x) : (y))
++#endif
++
+ struct sc_atr_table {
+ 	/* The atr fields are required to
+ 	 * be in aa:bb:cc hex format. */
+--- opensc-0.11.13.orig/src/libopensc/muscle.c
++++ opensc-0.11.13/src/libopensc/muscle.c
+@@ -28,13 +28,6 @@
+ #define MSC_DSA_PUBLIC		0x04
+ #define MSC_DSA_PRIVATE 	0x05
+ 
+-#ifndef MAX
+-#define MAX(x, y) (((x) > (y)) ? (x) : (y))
+-#endif
+-#ifndef MIN
+-#define MIN(x, y) (((x) < (y)) ? (x) : (y))
+-#endif
+-
+ static msc_id inputId = { { 0xFF, 0xFF, 0xFF, 0xFF } };
+ static msc_id outputId = { { 0xFF, 0xFF, 0xFF, 0xFE } };
+ 
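Review bot: MIN and MAX as defined in internal.h evaluate each argument twice, which is fine for the plain lvalues used in the CVE-2010-4523 patch but will bite any future caller that passes an expression with side effects, such as `MIN(p++, n)`; now that they live in a shared header that risk is wider than when they were private to muscle.c. A one-line warning above the definitions would help, e.g. `/* MIN/MAX evaluate their arguments twice: pass only side-effect-free expressions. */`. Removing the definitions from muscle.c presumably relies on muscle.c already including internal.h, which is not visible in this hunk and is worth confirming.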
diff -Nru opensc-0.11.13/debian/patches/series opensc-0.11.13/debian/patches/series
--- opensc-0.11.13/debian/patches/series	2010-03-01 06:06:15.000000000 +0000
+++ opensc-0.11.13/debian/patches/series	2010-12-22 14:38:40.000000000 +0000
@@ -1 +1,3 @@
+min-max-macros
+CVE-2010-4523
 debian-changes
