
Re: Wheezy update of pcsc-lite?



2017-01-04 17:35 GMT+01:00 Chris Lamb <lamby@debian.org>:
Hello dear maintainer(s),

Hello,

the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of pcsc-lite:
https://security-tracker.debian.org/tracker/source-package/pcsc-lite

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of pcsc-lite updates
for the LTS releases.

Thank you very much.

Chris Lamb,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup


I prepared a debdiff for the version present in oldstable.
These are the same patches I used for the Debian stable update, but updated for the pcsc-lite version present in oldstable.

I have re-built the package on a Debian testing system and tested that the PoC provided in the CVE does not work any more. I have not tested the package in oldstable but I am confident it will work.

Bye

--
 Dr. Ludovic Rousseau
diff -Nru pcsc-lite-1.8.4/debian/changelog pcsc-lite-1.8.4/debian/changelog
--- pcsc-lite-1.8.4/debian/changelog	2013-05-22 09:35:40.000000000 +0200
+++ pcsc-lite-1.8.4/debian/changelog	2017-01-06 12:59:54.000000000 +0100
@@ -1,3 +1,10 @@
+pcsc-lite (1.8.4-1+deb7u2) wheezy; urgency=medium
+
+  * Fix CVE-2016-10109 "use-after-free and double-free"
+    Apply 2 patches from upstream to fix the issue.
+
+ -- Ludovic Rousseau <rousseau@debian.org>  Fri, 06 Jan 2017 12:59:54 +0100
+
 pcsc-lite (1.8.4-1+deb7u1) wheezy; urgency=low
 
   * Fix "failed upgrade squeeze -> wheezy" by removing addgroup call
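Review bot: The changelog entry for 1.8.4-1+deb7u2 says "Apply 2 patches from upstream" but does not record which upstream commits (or at least which debian/patches files) those are, so a reviewer cannot cross-check the backport against upstream without reading the whole debdiff. Suggest listing the two patch names, e.g. `0001-SCardReleaseContext-prevent-use-after-free-of-cardsL.patch` and `0002-SCard-check-for-a-valid-hContext-handles.patch`, or the upstream commit ids they were taken from, under the CVE-2016-10109 bullet.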
diff -Nru pcsc-lite-1.8.4/debian/patches/0001-SCardReleaseContext-prevent-use-after-free-of-cardsL.patch pcsc-lite-1.8.4/debian/patches/0001-SCardReleaseContext-prevent-use-after-free-of-cardsL.patch
--- pcsc-lite-1.8.4/debian/patches/0001-SCardReleaseContext-prevent-use-after-free-of-cardsL.patch	1970-01-01 01:00:00.000000000 +0100
+++ pcsc-lite-1.8.4/debian/patches/0001-SCardReleaseContext-prevent-use-after-free-of-cardsL.patch	2017-01-06 12:59:54.000000000 +0100
@@ -0,0 +1,21 @@
+--- a/src/winscard_svc.c
++++ b/src/winscard_svc.c
+@@ -811,7 +811,6 @@
+ 				"list_delete_at failed with return value: %d", lrv);
+ 	}
+ 	(void)pthread_mutex_unlock(&threadContext->cardsList_lock);
+-	list_destroy(&(threadContext->cardsList));
+ 
+ 	/* We only mark the context as no longer in use.
+ 	 * The memory is freed in MSGCleanupCLient() */
+@@ -913,6 +912,10 @@
+ 		(void)MSGRemoveContext(threadContext->hContext, threadContext);
+ 	}
+ 
++	(void)pthread_mutex_lock(&threadContext->cardsList_lock);
++	list_destroy(&threadContext->cardsList);
++	(void)pthread_mutex_unlock(&threadContext->cardsList_lock);
++
+ 	Log3(PCSC_LOG_DEBUG,
+ 		"Thread is stopping: dwClientID=%d, threadContext @%p",
+ 		threadContext->dwClientID, threadContext);
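Review bot: The new patch file 0001-SCardReleaseContext-prevent-use-after-free-of-cardsL.patch has no DEP-3 header (Description/Origin/Bug), so the provenance of the upstream fix is not recorded in the patch itself; add at least an `Origin:` line pointing at the upstream commit and a `Bug-Debian:`/CVE reference. On the logic: the first hunk drops `list_destroy(&(threadContext->cardsList));` from SCardReleaseContext, where it ran right after the unlock while the context stays reachable (the comment says only the "no longer in use" mark is set and memory is freed in MSGCleanupCLient), and the second hunk re-adds the destroy on the thread-exit path, this time bracketed by `cardsList_lock`. That keeps the list alive for the whole lifetime of the context, which is what closes the use-after-free named in the changelog; the lock around the new `list_destroy` is consistent with the existing locking of the same list above it.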
diff -Nru pcsc-lite-1.8.4/debian/patches/0002-SCard-check-for-a-valid-hContext-handles.patch pcsc-lite-1.8.4/debian/patches/0002-SCard-check-for-a-valid-hContext-handles.patch
--- pcsc-lite-1.8.4/debian/patches/0002-SCard-check-for-a-valid-hContext-handles.patch	1970-01-01 01:00:00.000000000 +0100
+++ pcsc-lite-1.8.4/debian/patches/0002-SCard-check-for-a-valid-hContext-handles.patch	2017-01-06 12:59:54.000000000 +0100
@@ -0,0 +1,28 @@
+--- a/src/winscard_svc.c
++++ b/src/winscard_svc.c
+@@ -747,6 +747,12 @@
+ 	LONG rv;
+ 	int lrv;
+ 
++	if (0 == threadContext->hContext)
++	{
++		Log1(PCSC_LOG_ERROR, "Invalidated handle");
++		return SCARD_E_INVALID_HANDLE;
++	}
++
+ 	if (threadContext->hContext != hContext)
+ 		return SCARD_E_INVALID_VALUE;
+ 
+@@ -822,6 +828,12 @@
+ static LONG MSGAddHandle(SCARDCONTEXT hContext, SCARDHANDLE hCard,
+ 	SCONTEXT * threadContext)
+ {
++	if (0 == threadContext->hContext)
++	{
++		Log1(PCSC_LOG_ERROR, "Invalidated handle");
++		return SCARD_E_INVALID_HANDLE;
++	}
++
+ 	if (threadContext->hContext == hContext)
+ 	{
+ 		/*
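Review bot: Same missing DEP-3 header as in 0001: this patch file starts directly at `--- a/src/winscard_svc.c`, so the upstream origin of the hContext checks is not recorded; add an `Origin:` line. On the logic: in the first hunk the existing guard `if (threadContext->hContext != hContext) return SCARD_E_INVALID_VALUE;` would accept a caller passing `hContext == 0` against a context whose `hContext` has already been zeroed (invalidated), so the new `if (0 == threadContext->hContext)` returning `SCARD_E_INVALID_HANDLE` before it is the right ordering; the same guard is added in MSGAddHandle ahead of its `==` comparison. One small point: the hunk header `@@ -747,6 +747,12 @@` carries no function name, so the first guarded function is not identifiable from the patch alone; regenerating the patch with function context (or noting the function in the header) would help reviewers.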
diff -Nru pcsc-lite-1.8.4/debian/patches/series pcsc-lite-1.8.4/debian/patches/series
--- pcsc-lite-1.8.4/debian/patches/series	2013-05-15 11:48:08.000000000 +0200
+++ pcsc-lite-1.8.4/debian/patches/series	2017-01-06 12:59:54.000000000 +0100
@@ -1,2 +1,4 @@
 readerfactory
 winscard_clnt
+0001-SCardReleaseContext-prevent-use-after-free-of-cardsL.patch
+0002-SCard-check-for-a-valid-hContext-handles.patch
