[Pcsclite-git-commit] [PCSC] 02/03: SCardGetAttrib(): set pcbAttrLen when buffer is too small
Ludovic Rousseau
rousseau at moszumanska.debian.org
Thu Mar 31 15:44:07 UTC 2016
This is an automated email from the git hooks/post-receive script.
rousseau pushed a commit to branch master
in repository PCSC.
commit e64629f80a4639836399493ef5c3c717571ffc96
Author: Ludovic Rousseau <ludovic.rousseau at free.fr>
Date: Thu Mar 31 16:11:44 2016 +0200
SCardGetAttrib(): set pcbAttrLen when buffer is too small
When the user provides a pbAttr[] buffer too small then the error code
SCARD_E_INSUFFICIENT_BUFFER is returned and the correct buffer size
value is set in pcbAttrLen.
Before the change the value of pcbAttrLen was not changed so the user
had no idea what the correct value should be.
---
src/winscard_clnt.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/winscard_clnt.c b/src/winscard_clnt.c
index 67fb1a9..69e57ff 100644
--- a/src/winscard_clnt.c
+++ b/src/winscard_clnt.c
@@ -2499,11 +2499,16 @@ static LONG SCardGetSetAttrib(SCARDHANDLE hCard, int command, DWORD dwAttrId,
scGetSetStruct.hCard = hCard;
scGetSetStruct.dwAttrId = dwAttrId;
- scGetSetStruct.cbAttrLen = *pcbAttrLen;
scGetSetStruct.rv = SCARD_E_NO_SERVICE;
memset(scGetSetStruct.pbAttr, 0, sizeof(scGetSetStruct.pbAttr));
if (SCARD_SET_ATTRIB == command)
+ {
memcpy(scGetSetStruct.pbAttr, pbAttr, *pcbAttrLen);
+ scGetSetStruct.cbAttrLen = *pcbAttrLen;
+ }
+ else
+ /* we can get up to the communication buffer size */
+ scGetSetStruct.cbAttrLen = sizeof scGetSetStruct.pbAttr;
rv = MessageSendWithHeader(command, currentContextMap->dwClientID,
sizeof(scGetSetStruct), &scGetSetStruct);
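Review bot: The memcpy() in the SCARD_SET_ATTRIB branch copies *pcbAttrLen bytes into the fixed-size scGetSetStruct.pbAttr, and nothing in the visible lines bounds *pcbAttrLen against sizeof(scGetSetStruct.pbAttr). If that check is not already made earlier in the function, add it before the copy and fail the call when the caller's length is larger than the communication buffer. On style, the new else branch is left unbraced while the if branch just gained braces, and it writes `sizeof scGetSetStruct.pbAttr` where the memset() above uses `sizeof(scGetSetStruct.pbAttr)`; bracing the else and using one sizeof form would keep the block consistent.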
@@ -2527,7 +2532,12 @@ static LONG SCardGetSetAttrib(SCARDHANDLE hCard, int command, DWORD dwAttrId,
*/
if (*pcbAttrLen < scGetSetStruct.cbAttrLen)
{
+ /* restrict the value of scGetSetStruct.cbAttrLen to avoid a
+ * buffer overflow in the memcpy() bellow */
+ DWORD correct_value = scGetSetStruct.cbAttrLen;
scGetSetStruct.cbAttrLen = *pcbAttrLen;
+ *pcbAttrLen = correct_value;
+
scGetSetStruct.rv = SCARD_E_INSUFFICIENT_BUFFER;
}
else
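Review bot: The comment added at the top of the `if (*pcbAttrLen < scGetSetStruct.cbAttrLen)` block sits above the declaration of correct_value, but it describes the later assignment `scGetSetStruct.cbAttrLen = *pcbAttrLen;`, so it should move directly above that line, with "bellow" corrected to "below". The new output behaviour, where *pcbAttrLen receives the required size when SCARD_E_INSUFFICIENT_BUFFER is returned, also deserves a sentence in the function's API documentation so callers know they can retry with that value. A name such as required_len would describe the temporary better than correct_value.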
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pcsclite/PCSC.git