[Pcsclite-cvs-commit] PCSC/src winscard_clnt.c,1.21,1.22
corcoran-guest@quantz.debian.org
corcoran-guest@quantz.debian.org
Thu, 15 Jan 2004 22:06:58 +0100
Update of /cvsroot/pcsclite/PCSC/src
In directory quantz:/tmp/cvs-serv16370
Modified Files:
winscard_clnt.c
Log Message:
In SCardStatus some of the memcopy's and strcpy's were occurring
before bounds checking.
Index: winscard_clnt.c
===================================================================
RCS file: /cvsroot/pcsclite/PCSC/src/winscard_clnt.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- winscard_clnt.c 15 Jan 2004 18:31:26 -0000 1.21
+++ winscard_clnt.c 15 Jan 2004 21:06:55 -0000 1.22
@@ -1006,23 +1006,27 @@
/* return SCARD_E_INSUFFICIENT_BUFFER only if buffer pointer is non NULL */
if (mszReaderNames)
{
- strncpy(mszReaderNames, psContextMap[dwContextIndex].psChannelMap[dwChannelIndex].readerName, dwReaderLen);
if (*pcchReaderLen > dwReaderLen)
{
SYS_MutexUnLock(psContextMap[dwContextIndex].mMutex);
rv = SCARD_E_INSUFFICIENT_BUFFER;
}
+
+ strncpy(mszReaderNames,
+ psContextMap[dwContextIndex].psChannelMap[dwChannelIndex].readerName,
+ dwReaderLen);
}
if (pbAtr)
{
- memcpy(pbAtr, (readerStates[i])->cardAtr,
- min((readerStates[i])->cardAtrLength, dwAtrLen));
if (*pcbAtrLen > dwAtrLen)
{
SYS_MutexUnLock(psContextMap[dwContextIndex].mMutex);
rv = SCARD_E_INSUFFICIENT_BUFFER;
}
+
+ memcpy(pbAtr, (readerStates[i])->cardAtr,
+ min((readerStates[i])->cardAtrLength, dwAtrLen));
}
SYS_MutexUnLock(psContextMap[dwContextIndex].mMutex);