[Pcsclite-cvs-commit] PCSC/src pcsclite.h,1.25,1.26 winscard_scf.c,1.7,1.8

aet-guest@quantz.debian.org aet-guest@quantz.debian.org
Tue, 21 Oct 2003 23:00:23 +0200


Update of /cvsroot/pcsclite/PCSC/src
In directory quantz:/tmp/cvs-serv14328

Modified Files:
	pcsclite.h winscard_scf.c 
Log Message:
- Potential security fixes to SCF client


Index: pcsclite.h
===================================================================
RCS file: /cvsroot/pcsclite/PCSC/src/pcsclite.h,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- pcsclite.h	20 Oct 2003 19:59:07 -0000	1.25
+++ pcsclite.h	21 Oct 2003 21:00:20 -0000	1.26
@@ -188,8 +188,6 @@
 
 #define PCSCLITE_MAX_READERS_CONTEXTS   256     /* Maximum readers context (a slot is count as a reader) */
 
-#define PCSCLITE_MAX_CONTEXTS           16    /* Only here because it is used in winscard_scf.c */
-
 #define PCSCLITE_MAX_THREADS            16	/* Stat change threads */
 #define PCSCLITE_MAX_COMSIZE            64	/* Maximum arg size */
 #define PCSCLITE_STATUS_WAIT            200000	/* Status Change Sleep */

Index: winscard_scf.c
===================================================================
RCS file: /cvsroot/pcsclite/PCSC/src/winscard_scf.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- winscard_scf.c	18 Oct 2003 17:19:36 -0000	1.7
+++ winscard_scf.c	21 Oct 2003 21:00:20 -0000	1.8
@@ -24,21 +24,21 @@
 #include "winscard.h"
 #include "debuglog.h"
 
-#define USE_THREAD_SAFETY
 #ifdef USE_THREAD_SAFETY
 #include "thread_generic.h"
+#else
+#error "client side thread safety required"
 #endif
 
 #include "readerfactory.h"
 #include "eventhandler.h"
 #include "sys_generic.h"
 
-#define TRUE 1
-#define FALSE 0
+#define TRUE	1
+#define FALSE	0
 
-#define PCSC_SCF_MAX_READERS 2
-#define PCSC_SCF_MAX_ATR_BUFFER_LENGTH 32
-#define PCSC_SCF_MAX_RECV_LEN 265
+#undef PCSCLITE_MAX_READERS_CONTEXTS
+#define PCSCLITE_MAX_READERS_CONTEXTS	2
 
 /* Global session to manage Readers, Card events. */
 static SCF_Session_t  g_hSession = NULL;
@@ -50,8 +50,7 @@
   BYTE Buffer[266];
   int isResponseCached;
   BYTE bufferLength;
-} psTransmitMap[PCSCLITE_MAX_CONTEXTS];
-
+} psTransmitMap[PCSCLITE_MAX_APPLICATION_CONTEXTS];
 
 /* Channel Map to manage Card Connections. */
 static struct _psChannelMap {
@@ -63,14 +62,14 @@
   short haveLock;
   short isReset;
   int ReaderIndice;
-} psChannelMap[PCSCLITE_MAX_CONTEXTS];
+} psChannelMap[PCSCLITE_MAX_APPLICATION_CONTEXTS];
 
 /* Context Map to manage contexts and sessions. */
 static struct _psContextMap {
   SCARDCONTEXT hContext;
   SCF_Session_t  hSession;
   DWORD        contextBlockStatus;
-} psContextMap[PCSCLITE_MAX_CONTEXTS];
+} psContextMap[PCSCLITE_MAX_APPLICATION_CONTEXTS];
 
 /* Reader Map to handle Status and GetStatusChange. */
 static struct _psReaderMap {
@@ -78,11 +77,10 @@
   LPSTR ReaderName;
   short SharedRefCount;
   DWORD dwCurrentState;
-  BYTE bAtr[PCSC_SCF_MAX_ATR_BUFFER_LENGTH];
+  BYTE bAtr[MAX_ATR_SIZE];
   DWORD dwAtrLength;
   SCF_ListenerHandle_t lHandle;
-} psReaderMap[PCSC_SCF_MAX_READERS];
-
+} psReaderMap[PCSCLITE_MAX_READERS_CONTEXTS];
 
 #ifdef USE_THREAD_SAFETY
 static PCSCLITE_MUTEX clientMutex = PTHREAD_MUTEX_INITIALIZER;
@@ -219,7 +217,7 @@
   /*Calculate the the buffer length reuired only once.
   */
   if(first_time) {
-    for(i=0;i<PCSC_SCF_MAX_READERS;i++) {
+    for(i=0;i<PCSCLITE_MAX_READERS_CONTEXTS;i++) {
       if(NULL != psReaderMap[i].ReaderName) 
 	dwReadersLen += strlen(psReaderMap[i].ReaderName) +1;
     }
@@ -243,7 +241,7 @@
   }
   
   tempPtr = mszReaders;
-  for(i=0;i<PCSC_SCF_MAX_READERS;i++) {
+  for(i=0;i<PCSCLITE_MAX_READERS_CONTEXTS;i++) {
     if(NULL != psReaderMap[i].ReaderName) {
       memcpy(tempPtr, psReaderMap[i].ReaderName, 
 	     strlen(psReaderMap[i].ReaderName)+1);
@@ -702,12 +700,12 @@
      return the first available reader 
   */
   if ( cReaders == 0 ) {
-      for(i=0;i<PCSC_SCF_MAX_READERS;i++) {
+      for(i=0;i<PCSCLITE_MAX_READERS_CONTEXTS;i++) {
 	if(psReaderMap[i].ReaderName) 
 	  return SCARD_S_SUCCESS;
       }
       return SCARD_E_READER_UNAVAILABLE;
-  } else if(cReaders >PCSC_SCF_MAX_READERS) {
+  } else if(cReaders >PCSCLITE_MAX_READERS_CONTEXTS) {
     return SCARD_E_INVALID_VALUE;
   }
    /* Check the integrity of the reader states structures */
@@ -946,12 +944,12 @@
 		      LPSCARD_IO_REQUEST pioRecvPci, LPBYTE pbRecvBuffer, 
 		      LPDWORD pcbRecvLength ) {
  
-  BYTE Buffer[256];
+  BYTE Buffer[MAX_BUFFER_SIZE];
   LONG  rv = 0;
   SCF_Card_t SCF_hCard;
   SCF_Status_t status;
   LONG retIndice;
-  LONG localRecvLen =PCSC_SCF_MAX_RECV_LEN ;
+  LONG localRecvLen =MAX_BUFFER_SIZE ;
    if(SCARD_S_SUCCESS != isOCFServerRunning())
     return SCARD_E_NO_SERVICE;
    if ( pbSendBuffer == 0 || pbRecvBuffer == 0 ||
@@ -1125,7 +1123,7 @@
     return LastIndex;
   }
   
-  for ( i=0; i<PCSCLITE_MAX_CONTEXTS; i++ ) {
+  for ( i=0; i<PCSCLITE_MAX_APPLICATION_CONTEXTS; i++ ) {
     if(hCard == psChannelMap[i].PCSC_hCard)
       return i;
   }
@@ -1139,7 +1137,7 @@
   if(NULL == ReaderName)
     return -1;
   
-  for(i=0;i<PCSC_SCF_MAX_READERS;i++) {
+  for(i=0;i<PCSCLITE_MAX_READERS_CONTEXTS;i++) {
     if((NULL!=psReaderMap[i].ReaderName) &&
        (strncmp(psReaderMap[i].ReaderName, ReaderName, 
 		strlen(psReaderMap[i].ReaderName)) == 0)) {
@@ -1159,7 +1157,7 @@
 {
   int i=0;
   
-  for( i=0; i < PCSCLITE_MAX_CONTEXTS; i++ ) {
+  for( i=0; i < PCSCLITE_MAX_APPLICATION_CONTEXTS; i++ ) {
     if(psChannelMap[i].PCSC_hCard == 0) {
       psChannelMap[i].PCSC_hCard = PCSC_hCard;
       psChannelMap[i].hContext = hContext;
@@ -1197,7 +1195,7 @@
     return SCARD_F_COMM_ERROR;
   
   if((NULL == pcbAtr) || (NULL == pcbAtrLen) ||
-     (PCSC_SCF_MAX_ATR_BUFFER_LENGTH < pAtr->length)) {
+     (MAX_ATR_SIZE < pAtr->length)) {
     if(NULL != pcbAtrLen)
       *pcbAtrLen = pAtr->length;
     SCF_Card_freeInfo(hCard, pAtr);
@@ -1381,7 +1379,7 @@
   i=0;
   
 
-  for ( i=0; i < PCSCLITE_MAX_CONTEXTS; i++ ) {
+  for ( i=0; i < PCSCLITE_MAX_APPLICATION_CONTEXTS; i++ ) {
     if ( psContextMap[i].hContext == 0 ) {
       psContextMap[i].hContext           = hContext;
       psContextMap[i].hSession = hSession;
@@ -1400,7 +1398,7 @@
   
 
   /* Find this context and return it's spot in the array */
-  for ( i=0; i<PCSCLITE_MAX_CONTEXTS; i++ ) {
+  for ( i=0; i<PCSCLITE_MAX_APPLICATION_CONTEXTS; i++ ) {
     if (( hContext == psContextMap[i].hContext) && (hContext != 0) ) {
       return i;
     }
@@ -1421,7 +1419,7 @@
     return SCARD_E_INVALID_HANDLE;
   } else {
     /* Free all handles for this context. */
-    for(i=0;i<PCSCLITE_MAX_CONTEXTS;i++) {
+    for(i=0;i<PCSCLITE_MAX_APPLICATION_CONTEXTS;i++) {
       if(psChannelMap[i].hContext == hContext) {
 	SCardRemoveHandle(psChannelMap[i].PCSC_hCard);
       }
@@ -1550,7 +1548,7 @@
     psReaderMap[ReaderIndice].dwCurrentState |= SCARD_STATE_EMPTY;
     psReaderMap[ReaderIndice].SharedRefCount = 0;
     psReaderMap[ReaderIndice].dwAtrLength = 0;
-    for(i=0;i<PCSCLITE_MAX_CONTEXTS;i++) {
+    for(i=0;i<PCSCLITE_MAX_APPLICATION_CONTEXTS;i++) {
      if((0 != psChannelMap[i].PCSC_hCard ) &&
 	 (psChannelMap[i].ReaderIndice == ReaderIndice)) {
        psChannelMap[i].haveLock = FALSE;
@@ -1564,7 +1562,7 @@
     /* TODO .... */
     break;
   case SCF_EVENT_CARDRESET:
-    for(i=0;i<PCSCLITE_MAX_CONTEXTS;i++) {
+    for(i=0;i<PCSCLITE_MAX_APPLICATION_CONTEXTS;i++) {
       if((0 != psChannelMap[i].PCSC_hCard ) &&
 	 (psChannelMap[i].ReaderIndice == ReaderIndice)) {
 	psChannelMap[i].isReset = TRUE;
@@ -1608,7 +1606,7 @@
 
   if(!first_time) 
     return SCARD_S_SUCCESS;
-  for ( i=0; i < PCSCLITE_MAX_CONTEXTS; i++ ) {
+  for ( i=0; i < PCSCLITE_MAX_APPLICATION_CONTEXTS; i++ ) {
     psContextMap[i].hContext=0;
     psContextMap[i].hSession = 0;
     psContextMap[i].contextBlockStatus = BLOCK_STATUS_RESUME;
@@ -1623,13 +1621,13 @@
     psTransmitMap[i].isResponseCached = 0;
     psTransmitMap[i].bufferLength = 0;
   }
-  for ( i=0; i <PCSC_SCF_MAX_READERS ; i++ ) {
+  for ( i=0; i <PCSCLITE_MAX_READERS_CONTEXTS ; i++ ) {
     psReaderMap[i].ReaderName = NULL;
     psReaderMap[i].hTerminal = 0;
     psReaderMap[i].SharedRefCount = 0;
     psReaderMap[i].dwCurrentState |= SCARD_STATE_UNAVAILABLE;
     psReaderMap[i].dwAtrLength =0;
-    memset(psReaderMap[i].bAtr, 0, PCSC_SCF_MAX_ATR_BUFFER_LENGTH);
+    memset(psReaderMap[i].bAtr, 0, MAX_ATR_SIZE);
     psReaderMap[i].lHandle = NULL;
   }
      
@@ -1638,7 +1636,7 @@
   status = SCF_Session_getInfo(g_hSession, "terminalnames", &tList);
   if (status != SCF_STATUS_SUCCESS) return SCARD_E_NO_SERVICE;
       
-  for(i=0;i<PCSC_SCF_MAX_READERS;i++) {
+  for(i=0;i<PCSCLITE_MAX_READERS_CONTEXTS;i++) {
     if(NULL == tList[i]) 
       break;
     psReaderMap[i].ReaderName = strdup(tList[i]);
@@ -1704,7 +1702,7 @@
   retIndice=0; i=0;
 #if 0
   if ( errorCode != SCARD_S_SUCCESS ) {
-    for ( i=0; i < PCSCLITE_MAX_CONTEXTS; i++ ) {
+    for ( i=0; i < PCSCLITE_MAX_APPLICATION_CONTEXTS; i++ ) {
       if ( strcmp(psChannelMap[i].readerName, readerName) == 0 ) {
 	return errorCode;
       }