scd: Fix possible NULL deref in apdu.c
b4ec909186d0 (Unpublished)


Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

scd: Fix possible NULL deref in apdu.c

* scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL.
(control_pcsc_wrapped): Ditto.

pcsc_vendor_specific_init calls the above with BUFFER and BUFLEN as
NULL.

Reported by Stack 0.3:

bug: anti-dce
model: |
  control_pcsc.exit77:
  %retval.0.i.i76 = phi i32 [ %rc.0.i.i.i73, \
          %pcsc_error_to_sw.exit.i.i74 ], [ 0, %if.end.i.i75 ]
  %tobool198 = icmp ne i32 %retval.0.i.i76, 0, !dbg !728
  br i1 %tobool198, label %if.then199, label %if.end200, !dbg !728
stack:
  - /home/wk/s/gnupg/scd/apdu.c:1882:0
ncore: 1
core:
  - /home/wk/s/gnupg/scd/apdu.c:1309:0
    - buffer overflow

(backported from 2.1 commit ef0a3abf7305133d071bf1a94a7f461082f9a9aa)
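
Added example, not part of the commit and not GnuPG's code: the optional out-parameter pattern the commit message describes, shown in its unchecked form beside a NULL-tolerant form. The transport function, the reply bytes and all function names here are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed 4-byte reply; stands in for a card reader's answer. */
static const unsigned char sample_reply[] = { 0x90, 0x00, 0x12, 0x34 };

/* Hypothetical transport (not the PC/SC API): copies at most OUTCAP
   reply bytes to OUT and stores the count in *OUTLEN when non-NULL. */
int fake_transport(unsigned char *out, size_t outcap, size_t *outlen)
{
  size_t n = sizeof sample_reply;
  if (n > outcap)
    n = outcap;
  if (out && n)
    memcpy(out, sample_reply, n);
  if (outlen)
    *outlen = n;
  return 0;
}

/* "Before" shape: BUFLEN is read unconditionally, so a caller that
   passes NULL because it wants no reply triggers undefined behaviour. */
int control_unchecked(unsigned char *buffer, size_t *buflen)
{
  return fake_transport(buffer, *buflen, buflen);
}

/* Hardened shape: BUFFER and BUFLEN are both optional; the capacity
   is 0 unless both are supplied, and BUFLEN is read only if non-NULL. */
int control_checked(unsigned char *buffer, size_t *buflen)
{
  size_t cap = (buffer && buflen) ? *buflen : 0;
  return fake_transport(cap ? buffer : NULL, cap, buflen);
}

/* Caller in the style the commit message describes: no reply wanted. */
int probe_reader(void)
{
  return control_checked(NULL, NULL);
}

int main(void)
{
  unsigned char buf[8];
  size_t n = sizeof buf;
  printf("rc=%d probe=%d\n", control_checked(buf, &n), probe_reader());
  return 0;
}
```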

Details

Provenance
werner: Authored on Mar 15 2015, 12:15 PM
gniibe: Committed on Apr 15 2015, 9:06 AM
Parents
rG067b6360be67: po: Update Japanese translation.
Branches
Unknown
Tags
Unknown

Event Timeline

NIIBE Yutaka <gniibe@fsij.org> committed rGb4ec909186d0: scd: Fix possible NULL deref in apdu.c (authored by Werner Koch <wk@gnupg.org>). Apr 15 2015, 9:06 AM