components/libtasn1/patches/libtasn1-05-cve-2015-2806.patch
author Stephen Gaul Jr <steve.gaul@oracle.com>
Fri, 24 Jun 2016 11:30:54 -0700
changeset 6279 b8986042dd84
parent 4723 4193dfeb0e39
permissions -rw-r--r--
PSARC/2016/217 Smartcard Reintroduction PSARC/2016/232 CACkey Smartcard PKCS#11 provider 22822476 Add CACKey v0.7.4 to Userland consolidation

Source:
Internal

Info:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2806
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows 
remote attackers to have unspecified impact via unknown vectors.

Status:
Need to determine if this patch has been sent upstream.

--- libtasn1-2.8/lib/parser_aux.c.orig	2015-04-15 12:36:59.603251259 +0530
+++ libtasn1-2.8/lib/parser_aux.c	2015-04-15 12:38:34.145677358 +0530
@@ -580,7 +580,7 @@ _asn1_delete_list_and_nodes (void)
 
 
 char *
-_asn1_ltostr (long v, char *str)
+_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE])
 {
   long d, r;
   char temp[20];
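Review bot: The size in the new parameter `char str[LTOSTR_MAX_SIZE]` is not enforced, because C adjusts an array parameter to `char *`, so a caller that passes a smaller stack buffer still compiles without a diagnostic and can still be written past. The patch as shown changes only parser_aux.c and parser_aux.h, so it cannot be confirmed from here that any caller's buffer was enlarged. Every call site should be audited and its buffer declared with the macro, e.g. `char buf[LTOSTR_MAX_SIZE];` (the name `buf` is constructed). A comment on the definition such as `/* str must point to at least LTOSTR_MAX_SIZE bytes; the compiler does not check this */` would make the contract explicit. The function body continues beyond this hunk.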
@@ -604,7 +604,7 @@ _asn1_ltostr (long v, char *str)
       count++;
       v = d;
     }
-  while (v);
+  while (v && ((start+count) < LTOSTR_MAX_SIZE-1));
 
   for (k = 0; k < count; k++)
     str[k + start] = temp[start + count - k - 1];
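Review bot: The new loop bound `(start+count) < LTOSTR_MAX_SIZE-1` lets `start+count` reach 20 on entry to the last iteration, but the scratch array left unchanged in the first hunk is still `char temp[20]`, whose valid indices stop at 19. The store into `temp` is outside this hunk, but the copy loop's `temp[start + count - k - 1]` suggests it is indexed by `start+count`, so the guard is one element wider than the buffer it should protect. A 64-bit `long` has at most 19 digits plus a sign, so in-range values should not reach index 20, but the guard only adds defence in depth if both use the same constant: `char temp[LTOSTR_MAX_SIZE];`. The do-loop body and the terminator write to `str` lie outside this hunk.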
--- libtasn1-2.8/lib/parser_aux.h.orig	2015-04-15 12:38:41.020519734 +0530
+++ libtasn1-2.8/lib/parser_aux.h	2015-04-15 12:40:23.768693524 +0530
@@ -63,7 +63,9 @@ void _asn1_delete_list (void);
 
 void _asn1_delete_list_and_nodes (void);
 
-char *_asn1_ltostr (long v, char *str);
+/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */
+#define LTOSTR_MAX_SIZE 22
+char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]);
 
 ASN1_TYPE _asn1_find_up (ASN1_TYPE node);