Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
yubico-piv-tool
CVE-2018-14779.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-14779.patch of Package yubico-piv-tool
From 01a127a44a2229ea14195208e444ec526eaf45f4 Mon Sep 17 00:00:00 2001 From: Klas Lindfors <klas@yubico.com> Date: Tue, 22 May 2018 13:31:20 +0200 Subject: [PATCH] lib: in ykpiv_transfer_data() handle overflow by exiting this is detected and printed, but we never exit the function Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us. --- lib/ykpiv.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) Index: yubico-piv-tool-1.5.0/lib/ykpiv.c =================================================================== --- yubico-piv-tool-1.5.0.orig/lib/ykpiv.c +++ yubico-piv-tool-1.5.0/lib/ykpiv.c @@ -561,7 +561,11 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state goto Cleanup; } if(*out_len + recv_len - 2 > max_out) { - fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); + if(state->verbose) { + fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); + } + res = YKPIV_SIZE_ERROR; + goto Cleanup; } if(out_data) { memcpy(out_data, data, recv_len - 2);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor