Fix CVE-2017-5898 (integer overflow in emulated_apdu_from_guest):

http://seclists.org/oss-sec/2017/q1/328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5898

Patch copied from upstream source repository:

http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a

From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Fri, 3 Feb 2017 00:52:28 +0530
Subject: [PATCH] usb: ccid: check ccid apdu length

CCID device emulator uses Application Protocol Data Units(APDU)
to exchange command and responses to and from the host.
The length in these units couldn't be greater than 65536. Add
check to ensure the same. It'd also avoid potential integer
overflow in emulated_apdu_from_guest.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20170202192228.10847-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/dev-smartcard-reader.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
index 89e11b68c4..1325ea1659 100644
--- a/hw/usb/dev-smartcard-reader.c
+++ b/hw/usb/dev-smartcard-reader.c
@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
     DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
                 recv->hdr.bSeq, len);
     ccid_add_pending_answer(s, (CCID_Header *)recv);
-    if (s->card) {
+    if (s->card && len <= BULK_OUT_DATA_SIZE) {
         ccid_card_apdu_from_guest(s->card, recv->abData, len);
     } else {
         DPRINTF(s, D_WARN, "warning: discarded apdu\n");
-- 
2.11.1

n value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=43d59be5179c6100a982f0098f3d0695acba973b'>root</a>/<a href='/guix/log/tests?id=43d59be5179c6100a982f0098f3d0695acba973b'>tests</a>/<a href='/guix/log/tests/hackage.scm?id=43d59be5179c6100a982f0098f3d0695acba973b'>hackage.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/hackage.scm?id=43d59be5179c6100a982f0098f3d0695acba973b&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2023-12-03 16:15:29 +0100'>2023-12-03</span></td><td><a href='/guix/commit/tests/hackage.scm?id=ab8612d99eca5c25ecbefe026b04ed9f00e3f8b5'>guix: import: Fix parsing Cabal files that import many stanzas</a><span class='msg-avail'>...<span class='msg-tooltip'>* guix/import/cabal.scm (eval-cabal)[eval]: Split imports to a
normalized list before mapping over it.
* tests/hackage.scm: Test it.

Change-Id: I39ece019251b6a23a937c8562d2d4a545a6bc7df
Signed-off-by: Lars-Dominik Braun &lt;lars@6xq.net&gt;
</span></span></td><td>Saku Laesvuori</td></tr>
<tr><td><span title='2023-12-03 09:11:29 +0100'>2023-12-03</span></td><td><a href='/guix/commit/tests/hackage.scm?id=5bd00bb54235856dddd11e9f0d03481c5469ca63'>guix: import: Parse cabal layout blocks correctly</a><span class='msg-avail'>...<span class='msg-tooltip'>Cabal consideres lines to be part of a layout block if they are indented
at least one space more than the field line the block belongs to.
Previously Guix considered lines to be a part of the block if they were
indented at least as much as the first line in it.

This also makes a workaround that enabled if statements to have multiple
elses redundant and removes it.

Fixes: https://issues.guix.gnu.org/35743

* guix/import/cabal.scm (current-indentation*): Renamed from
current-indentation.
(previous-indentation, current-indentation): New variables.
(make-cabal-parser): Remove outdated comment.
[open]: Use previous-indentation + 1 instead of
current-indentation.
[elif-else]: Split to elif and else to allow only one ELSE in an if
statement.
(read-cabal)[parameterize]: Use current-indentation* and previous-indentation.
* tests/hackage.scm (hackage-&gt;guix-package test mixed layout): Expect to
  pass.

Change-Id: I3a1495b1588a022fabbfe8dad9f3231e578af4f3
Signed-off-by: Lars-Dominik Braun &lt;lars@6xq.net&gt;
</span></span></td><td>Saku Laesvuori</td></tr>

Age	Commit message (Expand)	Author
2023-12-03	guix: import: Fix parsing Cabal files that import many stanzas...* guix/import/cabal.scm (eval-cabal)[eval]: Split imports to a normalized list before mapping over it. * tests/hackage.scm: Test it. Change-Id: I39ece019251b6a23a937c8562d2d4a545a6bc7df Signed-off-by: Lars-Dominik Braun <lars@6xq.net>	Saku Laesvuori
2023-12-03	guix: import: Parse cabal layout blocks correctly...Cabal consideres lines to be part of a layout block if they are indented at least one space more than the field line the block belongs to. Previously Guix considered lines to be a part of the block if they were indented at least as much as the first line in it. This also makes a workaround that enabled if statements to have multiple elses redundant and removes it. Fixes: https://issues.guix.gnu.org/35743 * guix/import/cabal.scm (current-indentation): Renamed from current-indentation. (previous-indentation, current-indentation): New variables. (make-cabal-parser): Remove outdated comment. [open]: Use previous-indentation + 1 instead of current-indentation. [elif-else]: Split to elif and else to allow only one ELSE in an if statement. (read-cabal)[parameterize]: Use current-indentation and previous-indentation. * tests/hackage.scm (hackage->guix-package test mixed layout): Expect to pass. Change-Id: I3a1495b1588a022fabbfe8dad9f3231e578af4f3 Signed-off-by: Lars-Dominik Braun <lars@6xq.net>	Saku Laesvuori