[Pcsclite-cvs-commit] r2098 - trunk/Drivers/ccid/src

Ludovic Rousseau rousseau at costa.debian.org
Tue Jul 4 07:11:45 UTC 2006


Author: rousseau
Date: 2006-07-04 07:11:43 +0000 (Tue, 04 Jul 2006)
New Revision: 2098

Modified:
   trunk/Drivers/ccid/src/commands.c
Log:
make pcscd detect a buffer overflow when the receiving buffer is too
small instead of silently ignoring the detected problem. This problem
only occurred with readers supporting Extended APDU.


Modified: trunk/Drivers/ccid/src/commands.c
===================================================================
--- trunk/Drivers/ccid/src/commands.c	2006-07-04 07:06:10 UTC (rev 2097)
+++ trunk/Drivers/ccid/src/commands.c	2006-07-04 07:11:43 UTC (rev 2098)
@@ -41,6 +41,7 @@
 
 #define max( a, b )   ( ( ( a ) > ( b ) ) ? ( a ) : ( b ) )
 #define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
+#define IFD_ERROR_INSUFFICIENT_BUFFER 700
 
 /* internal functions */
 static RESPONSECODE CmdXfrBlockAPDU_extended(unsigned int reader_index,
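Review bot: `IFD_ERROR_INSUFFICIENT_BUFFER` is introduced as a bare 700 with no comment saying whether it is private to commands.c or a value pcscd understands. Because the later hunk at -871 makes CCID_Receive return it, every caller of CCID_Receive now has to translate it before returning. Only CmdXfrBlockAPDU_extended is shown doing that; the other call sites are not visible in this diff and should be checked. I would document the define, for example `/* internal only: callers of CCID_Receive must map this before returning to pcscd */`.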
@@ -810,6 +811,7 @@
 {
 	unsigned char cmd[10+CMD_BUF_SIZE];	/* CCID + APDU buffer */
 	unsigned int length;
+	RESPONSECODE return_value = IFD_SUCCESS;
 
 time_request:
 	length = sizeof(cmd);
@@ -863,6 +865,7 @@
 	{
 		DEBUG_CRITICAL2("overrun by %d bytes", length - *rx_length);
 		length = *rx_length;
+		return_value = IFD_ERROR_INSUFFICIENT_BUFFER;
 	}
 	memcpy(rx_buffer, cmd+10, length);
 
@@ -871,7 +874,7 @@
 	if (chain_parameter)
 		*chain_parameter = cmd[CHAIN_PARAMETER_OFFSET];
 
-	return IFD_SUCCESS;
+	return return_value;
 } /* CCID_Receive */
 
 
@@ -889,6 +892,7 @@
 	unsigned char chain_parameter;
 	unsigned int local_tx_length, sent_length;
 	unsigned int local_rx_length, received_length;
+	int buffer_overflow = 0;
 
 	DEBUG_COMM2("T=0 (extended): %d bytes", tx_length);
 
@@ -957,6 +961,14 @@
 	local_rx_length = *rx_length - received_length;
 	return_value = CCID_Receive(reader_index, &local_rx_length, rx_buffer,
 		&chain_parameter);
+	if (IFD_ERROR_INSUFFICIENT_BUFFER == return_value)
+	{
+		buffer_overflow = 1;
+
+		/* we continue to read all the response APDU */
+		return_value = IFD_SUCCESS;
+	}
+
 	if (return_value != IFD_SUCCESS)
 		return return_value;
 
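Review bot: Once the overflow is swallowed here, the next read computes `local_rx_length = *rx_length - received_length` in unsigned arithmetic, so safety depends on received_length never exceeding *rx_length. The updates to received_length and rx_buffer sit outside this hunk, so that cannot be confirmed from here. If it could be exceeded, the subtraction would wrap and the clamp in CCID_Receive would no longer bound the memcpy. The new comment should state the invariant, e.g. `/* keep reading the rest of the response; relies on received_length <= *rx_length */`.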
@@ -991,6 +1003,10 @@
 
 	*rx_length = received_length;
 
+	/* generate an overflow detected by pcscd */
+	if (buffer_overflow)
+		(*rx_length)++;
+
 	return IFD_SUCCESS;
 } /* CmdXfrBlockAPDU_extended */
 
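Review bot: `(*rx_length)++` returns IFD_SUCCESS with a length one larger than the data actually stored, so the overflow is signalled only if the caller compares the returned length against its buffer size. A consumer that trusts *rx_length on success would read one byte beyond what was written to rx_buffer, and beyond the buffer end when it was filled completely. The comment should spell out that contract, e.g. `/* report one byte more than was stored so pcscd's length check fails; only *rx_length - 1 bytes are valid */`; an explicit error return would be more robust if pcscd can handle one. The increment also assumes received_length equals the caller's buffer size after truncation, which depends on code outside the hunk.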



