commit | 7e62255a4b3e0e2ab84a3ec7398640e8ed58620a | [log] [tgz] |
---|---|---|
author | Markus Armbruster <armbru@redhat.com> | Mon Nov 28 20:27:37 2011 +0100 |
committer | Anthony Liguori <aliguori@us.ibm.com> | Mon Nov 28 16:20:53 2011 -0600 |
tree | 2e5ccd7d2f972ddb3cde2a977ab592f2a02f1f3e | |
parent | aea317aaa5d92ee8789f976ccf105be67d956f5e [diff] |
ccid: Fix buffer overrun in handling of VSC_ATR message ATR size exceeding the limit is diagnosed, but then we merrily use it anyway, overrunning card->atr[]. The message is read from a character device. Obvious security implications unless the other end of the character device is trusted. Spotted by Coverity. CVE-2011-4111. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>