scd: Fix possible NULL deref in apdu.c
ef0a3abf7305Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

scd: Fix possible NULL deref in apdu.c

* scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL.
(control_pcsc_wrapped): Ditto.

pcsc_vendor_specific_init calls the above with BUFFER and BUFLEN as
NULL.

Reported by Stack 0.3:

bug: anti-dce
model: |
  control_pcsc.exit77:
  %retval.0.i.i76 = phi i32 [ %rc.0.i.i.i73, \
          %pcsc_error_to_sw.exit.i.i74 ], [ 0, %if.end.i.i75 ]
  %tobool198 = icmp ne i32 %retval.0.i.i76, 0, !dbg !728
  br i1 %tobool198, label %if.then199, label %if.end200, !dbg !728
stack:
  - /home/wk/s/gnupg/scd/apdu.c:1882:0
ncore: 1
core:
  - /home/wk/s/gnupg/scd/apdu.c:1309:0
    - buffer overflow

Details

Provenance

• werner

Authored on Mar 15 2015, 12:15 PM

Parents

rG35db798c2df7: common: Make openpgp_oid_to_str more robust.

Branches

Unknown

Tags

Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rGef0a3abf7305: scd: Fix possible NULL deref in apdu.c (authored by Werner Koch <wk@gnupg.org>).Mar 15 2015, 12:15 PM

Changes (1)

Path

Size

scd/

apdu.c

rGef0a3abf7305

View Options

scd: Fix possible NULL deref in apdu.cef0a3abf7305UnpublishedActions