[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] ccid: Fix buffer overrun in handling of VSC_ATR
|
From: |
Markus Armbruster |
|
Subject: |
Re: [Qemu-devel] [PATCH] ccid: Fix buffer overrun in handling of VSC_ATR message |
|
Date: |
Tue, 29 Nov 2011 10:51:25 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux) |
Alon Levy <address@hidden> writes:
> On Mon, Nov 28, 2011 at 08:27:37PM +0100, Markus Armbruster wrote:
>> ATR size exceeding the limit is diagnosed, but then we merrily use it
>> anyway, overrunning card->atr[].
>>
>> The message is read from a character device. Obvious security
>> implications unless the other end of the character device is trusted.
>>
>> Spotted by Coverity. CVE-2011-4111.
>>
>
> Anthony, do you want me to do a pull request for this or can you merge
> it as is?
It's already in, commit 7e62255a.