[Pcsclite-cvs-commit] Drivers/ccid/src ccid_usb.c,1.6,1.7 parse.c,1.5,1.6

rousseau@quantz.debian.org rousseau@quantz.debian.org
Mon, 05 Jan 2004 21:54:01 +0100


Update of /cvsroot/pcsclite/Drivers/ccid/src
In directory quantz:/tmp/cvs-serv14851

Modified Files:
	ccid_usb.c parse.c 
Log Message:
add a test on the USB extra field length to avoid a crash and print an
error message. This occurs when the reader is _not_ CCID and the CCID
driver is used (wrong Info.plist for example).


Index: ccid_usb.c
===================================================================
RCS file: /cvsroot/pcsclite/Drivers/ccid/src/ccid_usb.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- ccid_usb.c	16 Dec 2003 10:11:09 -0000	1.6
+++ ccid_usb.c	5 Jan 2004 20:53:59 -0000	1.7
@@ -105,9 +105,7 @@
 	DEBUG_COMM3("OpenUSB: Lun: %X, Channel: %X", lun, Channel);
 
 	if (busses == NULL)
-	{
 		usb_init();
-	} 
 
 	usb_find_busses();
 	usb_find_devices();
@@ -213,6 +211,12 @@
 							{
 								DEBUG_CRITICAL2("No dev->config found for %s",
 									 device_name);
+								return STATUS_UNSUCCESSFUL;
+							}
+
+							if (dev->config->interface->altsetting->extralen < 54)
+							{
+								DEBUG_CRITICAL3("Extra field too short for %s: %d", device_name, dev->config->interface->altsetting->extralen);
 								return STATUS_UNSUCCESSFUL;
 							}
 
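Review bot: The new `extralen < 54` guard reaches `extralen` through `dev->config->interface->altsetting` with only `dev->config` tested in the lines above it, and the bare 54 is repeated in the parse.c hunk of this commit. Descriptor contents come from whatever device is attached, and I cannot see from here whether libusb guarantees those two pointers are set, so I would test them before the length: `if (dev->config->interface == NULL || dev->config->interface->altsetting == NULL || dev->config->interface->altsetting->extralen < 54)`. A comment such as `/* 54 = 0x36, bLength of the CCID class descriptor */`, or one named constant shared by both files, would explain the threshold. The enclosing function starts and ends outside this hunk, so please confirm that nothing acquired earlier in it (a device handle, for instance) is left unreleased by the two early `return STATUS_UNSUCCESSFUL;` paths.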

Index: parse.c
===================================================================
RCS file: /cvsroot/pcsclite/Drivers/ccid/src/parse.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- parse.c	29 Oct 2003 18:01:23 -0000	1.5
+++ parse.c	5 Jan 2004 20:53:59 -0000	1.6
@@ -143,6 +143,13 @@
 
 	printf(" iInterface: %d\n", usb_interface->iInterface);
 
+	if (usb_interface->extralen < 54)
+	{
+		printf("USB extra length is too short: %d\n", usb_interface->extralen);
+		printf("\n  NOT A CCID DEVICE\n");
+		return TRUE;
+	}
+
 	/*
 	 * CCID Class Descriptor
 	 */
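Review bot: The length test alone decides whether the interface is treated as CCID: extra bytes that are 54 or longer but belong to some other class-specific descriptor would pass the check and presumably be decoded by the code under the `CCID Class Descriptor` comment, which continues outside this hunk. Since `extra` is device-supplied, consider also checking the descriptor type byte, e.g. `if (usb_interface->extralen < 54 || usb_interface->extra[1] != 0x21)`, assuming the readers this tool targets report the standard CCID functional descriptor type. What `return TRUE` signals to the caller is not visible here; a short comment on that line, such as `/* not a CCID interface: nothing more to parse */`, would document it if that is the intent.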