[Pcsclite-cvs-commit] r6320 - /trunk/PCSC/src/readerfactory.c
rousseau at users.alioth.debian.org
rousseau at users.alioth.debian.org
Tue Jun 5 09:05:45 UTC 2012
Author: rousseau
Date: Tue Jun 5 09:05:45 2012
New Revision: 6320
URL: http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=6320
Log:
RFCreateReaderHandle(): generates a 32-bits random for hCard
Since the change in revision 6316 dwIdentity is no more used to identify
a hCard -> reader relation.
So we can just generate a hCard as a full 32-bits random.
The security should be improved with a change from 16-bits random to a
32-bits random. It will be more difficult for a rogue client to guess a
valid hCard value.
Modified:
trunk/PCSC/src/readerfactory.c
Modified: trunk/PCSC/src/readerfactory.c
URL: http://svn.debian.org/wsvn/pcsclite/trunk/PCSC/src/readerfactory.c?rev=6320&op=diff
==============================================================================
--- trunk/PCSC/src/readerfactory.c (original)
+++ trunk/PCSC/src/readerfactory.c Tue Jun 5 09:05:45 2012
@@ -1015,47 +1015,27 @@
SCARDHANDLE RFCreateReaderHandle(READER_CONTEXT * rContext)
{
- USHORT randHandle;
-
- /* Create a random handle with 16 bits check to see if it already is
- * used. */
- /* FIXME: THIS IS NOT STRONG ENOUGH: A 128-bit token should be
- * generated. The client and server would associate token and hCard
- * for authentication. */
- randHandle = SYS_RandomInt(10, 65000);
-
- int i;
-again:
- for (i = 0; i < PCSCLITE_MAX_READERS_CONTEXTS; i++)
- {
- if (sReadersContexts[i]->vHandle != 0)
- {
- RDR_CLIHANDLES *currentHandle;
- list_t * l = &sReadersContexts[i]->handlesList;
-
- (void)pthread_mutex_lock(&sReadersContexts[i]->handlesList_lock);
- list_iterator_start(l);
- while (list_iterator_hasnext(l))
- {
- currentHandle = list_iterator_next(l);
- if (((LONG)rContext->dwIdentity + randHandle) ==
- (currentHandle->hCard))
- {
- /* Get a new handle and loop again */
- randHandle = SYS_RandomInt(10, 65000);
- list_iterator_stop(l);
- (void)pthread_mutex_unlock(&sReadersContexts[i]->handlesList_lock);
- goto again;
- }
- }
- list_iterator_stop(l);
- (void)pthread_mutex_unlock(&sReadersContexts[i]->handlesList_lock);
- }
- }
+ SCARDHANDLE randHandle;
+ READER_CONTEXT *dummy_reader;
+ LONG ret;
+
+ do
+ {
+ /* Create a random handle with 32 bits check to see if it already is
+ * used. */
+ /* FIXME: THIS IS NOT STRONG ENOUGH: A 128-bit token should be
+ * generated. The client and server would associate token and hCard
+ * for authentication. */
+ randHandle = SYS_RandomInt(0, -1);
+
+ /* do we already use this hCard somewhere? */
+ ret = RFReaderInfoById(randHandle, &dummy_reader);
+ }
+ while (SCARD_S_SUCCESS == ret);
/* Once the for loop is completed w/o restart a good handle was
* found and the loop can be exited. */
- return rContext->dwIdentity + randHandle;
+ return randHandle;
}
LONG RFDestroyReaderHandle(/*@unused@*/ SCARDHANDLE hCard)
More information about the Pcsclite-cvs-commit
mailing list