From 4cd23b8378e68283c7c9cf0b1e25dae11cf69c3e Mon Sep 17 00:00:00 2001
From: Matthias Maier <tamiko@43-1.org>
Date: Tue, 14 Jun 2016 00:15:48 -0500
Subject: [PATCH 2/2] Port fix for CVE-2016-0749 to 0.13.1, part II

This is a port of

  0066-smartcard-allocate-msg-with-the-expected-size.patch

to version 0.13.1

Original commit message:

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Marc-Andre Lureau <marcandre.lureau@redhat.com>
Date: Thu, 17 Dec 2015 18:16:22 +0100
Subject: [PATCH] smartcard: allocate msg with the expected size

[...]

Signed-off-by: Marc-Andre Lureau <marcandre.lureau@redhat.com>
---
 server/smartcard.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/smartcard.c b/server/smartcard.c
index 96e4295..c317512 100644
--- a/server/smartcard.c
+++ b/server/smartcard.c
@@ -313,7 +313,7 @@ static void smartcard_char_device_notify_reader_add(RedCharDeviceSmartcard *dev)
     RedCharDeviceWriteBuffer *write_buf;
     VSCMsgHeader *vheader;
 
-    write_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), NULL, sizeof(vheader));
+    write_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), NULL, sizeof(*vheader));
     if (!write_buf) {
         spice_error("failed to allocate write buffer");
         return;
@@ -360,7 +360,7 @@ static void smartcard_char_device_notify_reader_remove(RedCharDeviceSmartcard *d
         spice_debug("reader add was never sent to the device");
         return;
     }
-    write_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), NULL, sizeof(vheader));
+    write_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), NULL, sizeof(*vheader));
     if (!write_buf) {
         spice_error("failed to allocate write buffer");
         return;
-- 
2.7.3