$NetBSD: patch-ac,v 1.5 2010/12/17 17:00:35 shannonjr Exp $ --- src/atrhandler.c.orig 2009-07-28 20:57:07.000000000 +0000 +++ src/atrhandler.c @@ -239,6 +239,13 @@ short ATRDecodeAtr(PSMARTCARD_EXTENSION if (psExtension->CardCapabilities.AvailableProtocols & SCARD_PROTOCOL_T1) TCK = pucAtr[p++]; + /* + * The following 2 lines were backported from PCSC-lite version 1.6.6 + * to correct buffer overflow vulnerability. + */ + if (p > MAX_ATR_SIZE) + return 0; /** @retval 0 Maximum attribute size */ + memcpy(psExtension->ATR.Value, pucAtr, p); psExtension->ATR.Length = p; /* modified from p-1 */