Dear maintainer,
I've prepared an NMU for opensc (versioned as 0.11.13-1.1) and uploaded it immediately, given the security concern and urgency. The diff is attached to this message. I have subscribed to the package in the PTS in case of problems or any further action required, but please don't hesitate to mail me. Regards. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
diff -Nru opensc-0.11.13/debian/changelog opensc-0.11.13/debian/changelog
--- opensc-0.11.13/debian/changelog 2010-03-01 05:58:15.000000000 +0000
+++ opensc-0.11.13/debian/changelog 2010-12-22 14:21:46.000000000 +0000
@@ -1,3 +1,11 @@
+opensc (0.11.13-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * CVE-2010-4523: Protect against buffer overflow from rogue cards
+ (closes: #607427)
+
+ -- Jonathan Wiltshire <j...@debian.org> Wed, 22 Dec 2010 14:20:22 +0000
+
 opensc (0.11.13-1) unstable; urgency=low
 * New upstream release. (Closes: #570107, #505404)
diff -Nru opensc-0.11.13/debian/patches/CVE-2010-4523 opensc-0.11.13/debian/patches/CVE-2010-4523
--- opensc-0.11.13/debian/patches/CVE-2010-4523 1970-01-01 01:00:00.000000000 +0100
+++ opensc-0.11.13/debian/patches/CVE-2010-4523 2010-12-22 14:20:00.000000000 +0000
@@ -0,0 +1,46 @@
+Description: protect against possible buffer overflows from rogue cards
+ (CVE-2010-4523)
+Origin: https://www.opensc-project.org/opensc/changeset/4913
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427
+Forwarded: not-needed
+Last-Update: 2010-12-22
+
+--- opensc-0.11.13.orig/src/libopensc/card-acos5.c
++++ opensc-0.11.13/src/libopensc/card-acos5.c
+@@ -140,8 +140,8 @@
+ /*
+ * Cache serial number.
+ */
+- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+- card->serialnr.len = apdu.resplen;
++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+
+ /*
+ * Copy and return serial number.
+--- opensc-0.11.13.orig/src/libopensc/card-atrust-acos.c
++++ opensc-0.11.13/src/libopensc/card-atrust-acos.c
+@@ -853,8 +853,8 @@
+ if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
+ return SC_ERROR_INTERNAL;
+ /* cache serial number */
+- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+- card->serialnr.len = apdu.resplen;
++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ /* copy and return serial number */
+ memcpy(serial, &card->serialnr, sizeof(*serial));
+ return SC_SUCCESS;
+--- opensc-0.11.13.orig/src/libopensc/card-starcos.c
++++ opensc-0.11.13/src/libopensc/card-starcos.c
+@@ -1289,8 +1289,8 @@
+ if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
+ return SC_ERROR_INTERNAL;
+ /* cache serial number */
+- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+- card->serialnr.len = apdu.resplen;
++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ /* copy and return serial number */
+ memcpy(serial, &card->serialnr, sizeof(*serial));
+ return SC_SUCCESS;
diff -Nru opensc-0.11.13/debian/patches/min-max-macros opensc-0.11.13/debian/patches/min-max-macros ---
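Review bot: The new `MIN(apdu.resplen, SC_MAX_SERIALNR)` at all three memcpy sites closes the overflow but silently truncates an oversize response, so a card that answers with more than SC_MAX_SERIALNR bytes is cached and returned under a shortened serial number instead of being rejected. The atrust-acos and starcos hunks already treat an unexpected status word as a hard failure, so an over-long reply is more consistently handled the same way: `if (apdu.resplen > SC_MAX_SERIALNR) return SC_ERROR_INTERNAL;` ahead of the original memcpy, which also leaves card->serialnr untouched on the error path (the acos5 hunk does not show its status-word check, so confirm the same applies there). Whether truncation is acceptable presumably depends on callers that use the serial to identify a token; verify against the consumers of card->serialnr before choosing. If the clamp is kept, a why-comment is warranted, e.g. `/* clamp: a rogue card may return more than SC_MAX_SERIALNR bytes (CVE-2010-4523) */`, noting that MIN evaluates apdu.resplen twice, which is harmless here. The enclosing functions start and end outside the hunk.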
opensc-0.11.13/debian/patches/min-max-macros 1970-01-01 01:00:00.000000000 +0100
+++ opensc-0.11.13/debian/patches/min-max-macros 2010-12-22 14:40:49.000000000 +0000
@@ -0,0 +1,38 @@
+Description: move MIN/MAX macros from muscle.c to internal.h (needed for
+ patch CVE-2010-4523)
+Origin: https://www.opensc-project.org/opensc/changeset/4912
+Forwarded: not-needed
+Last-Update: 2010-12-22
+
+--- opensc-0.11.13.orig/src/libopensc/internal.h
++++ opensc-0.11.13/src/libopensc/internal.h
+@@ -50,6 +50,13 @@
+ #define sleep(t) Sleep((t) * 1000)
+ #endif
+
++#ifndef MAX
++#define MAX(x, y) (((x) > (y)) ? (x) : (y))
++#endif
++#ifndef MIN
++#define MIN(x, y) (((x) < (y)) ? (x) : (y))
++#endif
++
+ struct sc_atr_table {
+ /* The atr fields are required to
+ * be in aa:bb:cc hex format. */
+--- opensc-0.11.13.orig/src/libopensc/muscle.c
++++ opensc-0.11.13/src/libopensc/muscle.c
+@@ -28,13 +28,6 @@
+ #define MSC_DSA_PUBLIC 0x04
+ #define MSC_DSA_PRIVATE 0x05
+
+-#ifndef MAX
+-#define MAX(x, y) (((x) > (y)) ? (x) : (y))
+-#endif
+-#ifndef MIN
+-#define MIN(x, y) (((x) < (y)) ? (x) : (y))
+-#endif
+-
+ static msc_id inputId = { { 0xFF, 0xFF, 0xFF, 0xFF } };
+ static msc_id outputId = { { 0xFF, 0xFF, 0xFF, 0xFE } };
+
diff -Nru opensc-0.11.13/debian/patches/series opensc-0.11.13/debian/patches/series
--- opensc-0.11.13/debian/patches/series 2010-03-01 06:06:15.000000000 +0000
+++ opensc-0.11.13/debian/patches/series 2010-12-22 14:38:40.000000000 +0000
@@ -1 +1,3 @@
+min-max-macros
+CVE-2010-4523
 debian-changes
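Review bot: The MIN/MAX definitions now exported from internal.h to every driver carry no comment, and since each macro evaluates its arguments twice a short warning above `#ifndef MAX` is worth adding: `/* Both macros evaluate their arguments twice; do not pass expressions with side effects. */`. The `#ifndef` guards also mean any platform header that defines MIN/MAX first silently wins, which is only safe while the semantics match, so a note to that effect belongs in the same comment. muscle.c now depends on internal.h supplying the macros; the hunk does not show its include list, so confirm it already includes internal.h and still builds. The series ordering (min-max-macros before CVE-2010-4523) is correct, since the CVE patch uses MIN.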