[Pcsclite-cvs-commit] r2285 - trunk/Drivers/ccid/src

[Ludovic Rousseau]

Author: rousseau
Date: 2006-12-25 23:33:58 +0100 (Mon, 25 Dec 2006)
New Revision: 2285

Modified:
   trunk/Drivers/ccid/src/commands.c
Log:
many commands: make sure we received at least STATUS_OFFSET+1 bytes
before reading the value of buffer[STATUS_OFFSET]

usb_bulk_read() may return 0 bytes instead of an error when the reader
is just disconnected


Modified: trunk/Drivers/ccid/src/commands.c
===================================================================
--- trunk/Drivers/ccid/src/commands.c	2006-12-25 22:29:27 UTC (rev 2284)
+++ trunk/Drivers/ccid/src/commands.c	2006-12-25 22:33:58 UTC (rev 2285)
@@ -104,6 +104,12 @@
 	if (res != STATUS_SUCCESS)
 		return IFD_COMMUNICATION_ERROR;
 
+	if (*nlength < STATUS_OFFSET+1)
+	{
+		DEBUG_CRITICAL2("Not enough data received: %d bytes", *nlength);
+		return IFD_COMMUNICATION_ERROR;
+	}
+
 	if (buffer[STATUS_OFFSET] & CCID_COMMAND_FAILED)
 	{
 		ccid_error(buffer[ERROR_OFFSET], __FILE__, __LINE__, __FUNCTION__);    /* bError */
@@ -618,6 +624,12 @@
 		return IFD_COMMUNICATION_ERROR;
 	}
 
+	if (length_out < STATUS_OFFSET+1)
+	{
+		DEBUG_CRITICAL2("Not enough data received: %d bytes", length_out);
+		return IFD_COMMUNICATION_ERROR;
+	}
+
 	if (cmd_out[STATUS_OFFSET] & CCID_COMMAND_FAILED)
 	{
 		ccid_error(cmd_out[ERROR_OFFSET], __FILE__, __LINE__, __FUNCTION__);    /* bError */
@@ -665,6 +677,12 @@
 	if (res != STATUS_SUCCESS)
 		return IFD_COMMUNICATION_ERROR;
 
+	if (length < STATUS_OFFSET+1)
+	{
+		DEBUG_CRITICAL2("Not enough data received: %d bytes", length);
+		return IFD_COMMUNICATION_ERROR;
+	}
+
 	if (cmd[STATUS_OFFSET] & CCID_COMMAND_FAILED)
 	{
 		ccid_error(cmd[ERROR_OFFSET], __FILE__, __LINE__, __FUNCTION__);    /* bError */
@@ -707,6 +725,12 @@
 	if (res != STATUS_SUCCESS)
 		return IFD_COMMUNICATION_ERROR;
 
+	if (length < STATUS_OFFSET+1)
+	{
+		DEBUG_CRITICAL2("Not enough data received: %d bytes", length);
+		return IFD_COMMUNICATION_ERROR;
+	}
+
 	if (buffer[STATUS_OFFSET] & CCID_COMMAND_FAILED)
 	{
 		ccid_error(buffer[ERROR_OFFSET], __FILE__, __LINE__, __FUNCTION__);    /* bError */
@@ -843,7 +867,7 @@
 		return IFD_COMMUNICATION_ERROR;
 	}
 
-	if (length < STATUS_OFFSET)
+	if (length < STATUS_OFFSET+1)
 	{
 		DEBUG_CRITICAL2("Not enough data received: %d bytes", length);
 		*rx_length = 0;
@@ -1460,6 +1484,12 @@
 	if (ReadPort(reader_index, &length, cmd) != STATUS_SUCCESS)
 		return IFD_COMMUNICATION_ERROR;
 
+	if (length < STATUS_OFFSET+1)
+	{
+		DEBUG_CRITICAL2("Not enough data received: %d bytes", length);
+		return IFD_COMMUNICATION_ERROR;
+	}
+
 	if (cmd[STATUS_OFFSET] & CCID_COMMAND_FAILED)
 	{
 		ccid_error(cmd[ERROR_OFFSET], __FILE__, __LINE__, __FUNCTION__);    /* bError */