[Pcsclite-cvs-commit] PCSC/src winscard_clnt.c,1.21,1.22

corcoran-guest@quantz.debian.org corcoran-guest@quantz.debian.org
Thu, 15 Jan 2004 22:06:58 +0100


Update of /cvsroot/pcsclite/PCSC/src
In directory quantz:/tmp/cvs-serv16370

Modified Files:
	winscard_clnt.c 
Log Message:
In SCardStatus some of the memcopy's and strcpy's were occurring
before bounds checking. 





Index: winscard_clnt.c
===================================================================
RCS file: /cvsroot/pcsclite/PCSC/src/winscard_clnt.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- winscard_clnt.c	15 Jan 2004 18:31:26 -0000	1.21
+++ winscard_clnt.c	15 Jan 2004 21:06:55 -0000	1.22
@@ -1006,23 +1006,27 @@
 	/* return SCARD_E_INSUFFICIENT_BUFFER only if buffer pointer is non NULL */
 	if (mszReaderNames)
 	{
-		strncpy(mszReaderNames, psContextMap[dwContextIndex].psChannelMap[dwChannelIndex].readerName, dwReaderLen);
 		if (*pcchReaderLen > dwReaderLen)
 		{
 			SYS_MutexUnLock(psContextMap[dwContextIndex].mMutex);	
 			rv = SCARD_E_INSUFFICIENT_BUFFER;
 		}
+
+		strncpy(mszReaderNames, 
+			psContextMap[dwContextIndex].psChannelMap[dwChannelIndex].readerName, 
+			dwReaderLen);
 	}
 
 	if (pbAtr)
 	{
-		memcpy(pbAtr, (readerStates[i])->cardAtr,
-			min((readerStates[i])->cardAtrLength, dwAtrLen));
 		if (*pcbAtrLen > dwAtrLen)
 		{
 			SYS_MutexUnLock(psContextMap[dwContextIndex].mMutex);	
 			rv = SCARD_E_INSUFFICIENT_BUFFER;
 		}
+
+		memcpy(pbAtr, (readerStates[i])->cardAtr,
+			min((readerStates[i])->cardAtrLength, dwAtrLen));
 	}
 	
 	SYS_MutexUnLock(psContextMap[dwContextIndex].mMutex);