[Spice-devel] [PATCH libcacard 2/7] vcard_emul_nss: Do not segfault on bad data

Jakub Jelen jjelen at redhat.com
Tue Jul 31 09:35:46 UTC 2018


 * In case we already know that the card does not know raw RSA,
   nor do the data look like PKCS#1.5, we need to return gracefully.

 * If the client passed invalid data, the applications used to
   segfault here because of a negative length argument to memset().

Signed-off-by: Jakub Jelen <jjelen at redhat.com>
Reviewed-by: Robert Relyea <rrelyea at redhat.com>
---
 src/vcard_emul_nss.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/vcard_emul_nss.c b/src/vcard_emul_nss.c
index 209a3aa..f2678d5 100644
--- a/src/vcard_emul_nss.c
+++ b/src/vcard_emul_nss.c
@@ -323,6 +323,12 @@ vcard_emul_rsa_op(VCard *card, VCardKey *key,
             key->failedX509 = VCardEmulTrue;
             goto cleanup;
         }
+    } else {
+        /* We can not do raw RSA operation, nor the data looks like PKCS#1.5
+         * bail out.
+         */
+        ret = VCARD7816_STATUS_ERROR_DATA_INVALID;
+        goto cleanup;
     }
     pad_len = buffer_size - signature_len;
     assert(pad_len < 4);
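Review bot: the unchanged context right after the new else branch, `pad_len = buffer_size - signature_len;` followed by `assert(pad_len < 4);`, still guards a length derived from client-supplied data with an assert only. That check bounds the upper side alone, so if pad_len is a signed type (not visible in this hunk) a negative value passes it, and with NDEBUG defined the assert is compiled out entirely. Since the commit message attributes the crash to a negative length reaching memset(), consider replacing the assert with an explicit range check that sets `ret = VCARD7816_STATUS_ERROR_DATA_INVALID` and jumps to cleanup, the same way the new branch does. Minor: the added comment would read better as "We cannot do a raw RSA operation and the data does not look like PKCS#1.5; bail out."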
-- 
2.17.1


