* In case we already know that the card does not know raw RSA
nor the data look like PKCS#1.5, we need to gracefully return.
* If the client passed invalid data, the applications used to
segfault here because of negative length argument to memset().
Signed-off-by: Jakub Jelen <jjelen@xxxxxxxxxx>
Reviewed-by: Robert Relyea <rrelyea@xxxxxxxxxx>
---
src/vcard_emul_nss.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/vcard_emul_nss.c b/src/vcard_emul_nss.c
index 209a3aa..f2678d5 100644
--- a/src/vcard_emul_nss.c
+++ b/src/vcard_emul_nss.c
@@ -323,6 +323,12 @@ vcard_emul_rsa_op(VCard *card, VCardKey *key,
key->failedX509 = VCardEmulTrue;
goto cleanup;
}
+ } else {
+ /* We can not do raw RSA operation, nor the data looks like PKCS#1.5
+ * bail out.
+ */
+ ret = VCARD7816_STATUS_ERROR_DATA_INVALID;
+ goto cleanup;
}
pad_len = buffer_size - signature_len;
assert(pad_len < 4);
--
2.17.1
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel