[Spice-devel] [PATCH libcacard 2/7] vcard_emul_nss: Do not segfault on bad data
Jakub Jelen
jjelen at redhat.com
Tue Jul 31 09:35:46 UTC 2018
* In case we already know that the card does not know raw RSA
nor the data look like PKCS#1.5, we need to gracefully return.
* If the client passed invalid data, the applications used to
segfault here because of negative length argument to memset().
Signed-off-by: Jakub Jelen <jjelen at redhat.com>
Reviewed-by: Robert Relyea <rrelyea at redhat.com>
---
src/vcard_emul_nss.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/vcard_emul_nss.c b/src/vcard_emul_nss.c
index 209a3aa..f2678d5 100644
--- a/src/vcard_emul_nss.c
+++ b/src/vcard_emul_nss.c
@@ -323,6 +323,12 @@ vcard_emul_rsa_op(VCard *card, VCardKey *key,
key->failedX509 = VCardEmulTrue;
goto cleanup;
}
+ } else {
+ /* We can not do raw RSA operation, nor the data looks like PKCS#1.5
+ * bail out.
+ */
+ ret = VCARD7816_STATUS_ERROR_DATA_INVALID;
+ goto cleanup;
}
pad_len = buffer_size - signature_len;
assert(pad_len < 4);
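Review bot: The context lines right after the new else branch, `pad_len = buffer_size - signature_len;` followed by `assert(pad_len < 4);`, are still the only check on the padding length, and that check is an upper bound inside an assert. If pad_len is a signed type, as the "negative length argument to memset()" in the commit message suggests, a negative value satisfies `pad_len < 4`, and the assert is compiled out entirely when NDEBUG is defined. Since signature_len can be influenced by client data, consider an explicit runtime check that signature_len does not exceed buffer_size, returning VCARD7816_STATUS_ERROR_DATA_INVALID through the cleanup label the same way the new branch does. That way the fix does not depend on every earlier path having rejected the input. Minor: the new comment would read more clearly as "We cannot do a raw RSA operation and the data does not look like PKCS#1.5, so bail out."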
--
2.17.1