Re: Wheezy update of pcsc-lite?
diff -Nru pcsc-lite-1.8.4/debian/changelog pcsc-lite-1.8.4/debian/changelog
--- pcsc-lite-1.8.4/debian/changelog 2013-05-22 09:35:40.000000000 +0200
+++ pcsc-lite-1.8.4/debian/changelog 2017-01-06 12:59:54.000000000 +0100
@@ -1,3 +1,10 @@
+pcsc-lite (1.8.4-1+deb7u2) wheezy; urgency=medium
+
+ * Fix CVE-2016-10109 "use-after-free and double-free"
+ Apply 2 patches from upstream to fix the issue.
+
+ -- Ludovic Rousseau <rousseau@debian.org> Fri, 06 Jan 2017 12:59:54 +0100
+
pcsc-lite (1.8.4-1+deb7u1) wheezy; urgency=low
* Fix "failed upgrade squeeze -> wheezy" by removing addgroup call
diff -Nru pcsc-lite-1.8.4/debian/patches/0001-SCardReleaseContext-prevent-use-after-free-of-cardsL.patch pcsc-lite-1.8.4/debian/patches/0001-SCardReleaseContext-prevent-use-after-free-of-cardsL.patch
--- pcsc-lite-1.8.4/debian/patches/0001-SCardReleaseContext-prevent-use-after-free-of-cardsL.patch 1970-01-01 01:00:00.000000000 +0100
+++ pcsc-lite-1.8.4/debian/patches/0001-SCardReleaseContext-prevent-use-after-free-of-cardsL.patch 2017-01-06 12:59:54.000000000 +0100
@@ -0,0 +1,21 @@
+--- a/src/winscard_svc.c
++++ b/src/winscard_svc.c
+@@ -811,7 +811,6 @@
+ "list_delete_at failed with return value: %d", lrv);
+ }
+ (void)pthread_mutex_unlock(&threadContext->cardsList_lock);
+- list_destroy(&(threadContext->cardsList));
+
+ /* We only mark the context as no longer in use.
+ * The memory is freed in MSGCleanupCLient() */
+@@ -913,6 +912,10 @@
+ (void)MSGRemoveContext(threadContext->hContext, threadContext);
+ }
+
++ (void)pthread_mutex_lock(&threadContext->cardsList_lock);
++ list_destroy(&threadContext->cardsList);
++ (void)pthread_mutex_unlock(&threadContext->cardsList_lock);
++
+ Log3(PCSC_LOG_DEBUG,
+ "Thread is stopping: dwClientID=%d, threadContext @%p",
+ threadContext->dwClientID, threadContext);
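Review bot: The relocated `list_destroy(&threadContext->cardsList)` in the second inner hunk has no comment recording that this is now the only place the list may be destroyed, and that ordering is the whole fix for the use-after-free and double-free named in the changelog. I would add above the lock `/* cardsList is destroyed only here, at thread exit; releasing the context must leave the list valid (emptied, not freed) */`. The enclosing functions start and end outside both inner hunks, so it cannot be confirmed from here that nothing touches cardsList after this point; that is worth checking against the full file. The patch file also begins directly at `--- a/src/winscard_svc.c` with no provenance header, so a DEP-3 style `Description:` and `Origin: upstream, <commit URL>` would let the backport be checked against the upstream change the changelog refers to.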
diff -Nru pcsc-lite-1.8.4/debian/patches/0002-SCard-check-for-a-valid-hContext-handles.patch pcsc-lite-1.8.4/debian/patches/0002-SCard-check-for-a-valid-hContext-handles.patch
--- pcsc-lite-1.8.4/debian/patches/0002-SCard-check-for-a-valid-hContext-handles.patch 1970-01-01 01:00:00.000000000 +0100
+++ pcsc-lite-1.8.4/debian/patches/0002-SCard-check-for-a-valid-hContext-handles.patch 2017-01-06 12:59:54.000000000 +0100
@@ -0,0 +1,28 @@
+--- a/src/winscard_svc.c
++++ b/src/winscard_svc.c
+@@ -747,6 +747,12 @@
+ LONG rv;
+ int lrv;
+
++ if (0 == threadContext->hContext)
++ {
++ Log1(PCSC_LOG_ERROR, "Invalidated handle");
++ return SCARD_E_INVALID_HANDLE;
++ }
++
+ if (threadContext->hContext != hContext)
+ return SCARD_E_INVALID_VALUE;
+
+@@ -822,6 +828,12 @@
+ static LONG MSGAddHandle(SCARDCONTEXT hContext, SCARDHANDLE hCard,
+ SCONTEXT * threadContext)
+ {
++ if (0 == threadContext->hContext)
++ {
++ Log1(PCSC_LOG_ERROR, "Invalidated handle");
++ return SCARD_E_INVALID_HANDLE;
++ }
++
+ if (threadContext->hContext == hContext)
+ {
+ /*
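Review bot: The `0 == threadContext->hContext` guard is added at only two sites in this patch, the function around original line 747 and MSGAddHandle. Any other helper in winscard_svc.c that takes a threadContext and walks cardsList is outside this hunk, and should be confirmed to reject a released context in the same way. The guard also carries no comment on why zero means invalid; `/* hContext is 0 once the context has been released: refuse requests that still use it */` above each check would record the intent, which I infer from the "Invalidated handle" message. Since the five lines are duplicated verbatim, a small static helper would keep the two checks from drifting apart. Both functions continue outside the hunk.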
diff -Nru pcsc-lite-1.8.4/debian/patches/series pcsc-lite-1.8.4/debian/patches/series
--- pcsc-lite-1.8.4/debian/patches/series 2013-05-15 11:48:08.000000000 +0200
+++ pcsc-lite-1.8.4/debian/patches/series 2017-01-06 12:59:54.000000000 +0100
@@ -1,2 +1,4 @@
readerfactory
winscard_clnt
+0001-SCardReleaseContext-prevent-use-after-free-of-cardsL.patch
+0002-SCard-check-for-a-valid-hContext-handles.patch