Re: [Qemu-devel] [PATCH] ccid: Fix buffer overrun in handling of VSC_ATR message

2011-11-29 Thread Markus Armbruster
Alon Levy writes:
> On Mon, Nov 28, 2011 at 08:27:37PM +0100, Markus Armbruster wrote:
>> ATR size exceeding the limit is diagnosed, but then we merrily use it
>> anyway, overrunning card->atr[].
>>
>> The message is read from a character device. Obvious security
>> implications unless the othe

Re: [Qemu-devel] [PATCH] ccid: Fix buffer overrun in handling of VSC_ATR message

2011-11-29 Thread Alon Levy
On Mon, Nov 28, 2011 at 08:27:37PM +0100, Markus Armbruster wrote:
> ATR size exceeding the limit is diagnosed, but then we merrily use it
> anyway, overrunning card->atr[].
>
> The message is read from a character device. Obvious security
> implications unless the other end of the character devi

[Qemu-devel] [PATCH] ccid: Fix buffer overrun in handling of VSC_ATR message

2011-11-28 Thread Markus Armbruster
ATR size exceeding the limit is diagnosed, but then we merrily use it anyway, overrunning card->atr[].

The message is read from a character device. Obvious security implications unless the other end of the character device is trusted.

Spotted by Coverity. CVE-2011-4111.

Signed-off-by: Markus A