Maniphest T8281

scd: Have a limit for data object handling
Testing, NormalPublic
Actions

Assigned To
gniibe
Authored By
gniibe
Mon, Jun 1, 3:24 AM
Tags
Subscribers
alexk
gniibe
m.eik
werner

Description

In scdaemon, there exists a possible DoS attack vector: a malicious/buggy device tries to return large DO by SW_MORE_DATA .

Reported by: Jakub Jelen, Found by AISLE in partnership with Red Hat

Revisions and Commits

rG GnuPG
rGab3b9c7709fd scd: Limit the size of data object returned from a device.

Event Timeline

gniibe triaged this task as Normal priority.Mon, Jun 1, 3:24 AM
gniibe created this task.
gniibe mentioned this in Unknown Object (Maniphest Task).
gniibe added a commit: rGab3b9c7709fd: scd: Limit the size of data object returned from a device..Tue, Jun 2, 3:55 AM
gniibe changed the task status from Open to Testing.Tue, Jun 2, 3:56 AM
gniibe shifted this object from the Restricted Space space to the S1 Public space.Mon, Jun 8, 3:21 AM
gniibe changed the visibility from "g10code (Project)" to "All Users".
gniibe changed the edit policy from "Custom Policy" to "All Users".
gniibe changed the visibility from "All Users" to "Public (No Login Required)".
gniibe mentioned this in Unknown Object (Maniphest Task).Mon, Jun 8, 3:32 AM