<div dir="ltr"><div><div><div><div>Hello,<br><br></div>Why can't you fix the problem in the CT-API ifdhandler?<br></div><div>You can use the same patch in IFDHTransmitToICC() [1] of your driver.<br></div><br></div>I don't think the problem is on the pcsc-lite side.<br>Please fix your IFDHandler driver.<br><br></div>Regards,<br><div><div><div><br>[1] <a href="https://pcsclite.alioth.debian.org/api/group__IFDHandler.html#gac86e07f01d11accda93fb80d3935eeed">https://pcsclite.alioth.debian.org/api/group__IFDHandler.html#gac86e07f01d11accda93fb80d3935eeed</a><br><br><div><div><div class="gmail_extra"><div class="gmail_quote">2015-12-08 13:39 GMT+01:00 Marc Kleine-Budde <span dir="ltr"><<a href="mailto:mkl@pengutronix.de" target="_blank">mkl@pengutronix.de</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">In commit:<br>
<br>
8eb9ea1b354b SCardTransmit() may return SCARD_E_INSUFFICIENT_BUFFER<br>
<br>
the recv buffer size, passed to the SCardTransmit() function, is set<br>
unconditionally to "sizeof pbRecvBuffer", which is 64k + 12. This leads to<br>
problems when the CT API is used in the lower layers, as the CT API implements<br>
a maximum recv buffer size of 64k.<br>
<br>
This leads to the truncation of the recv buffer size to 12. If the client has<br>
supplied a buffer of >12 bytes, resulting in truncated reads. This patch tries<br>
to work around the problem, by not unconditionally passing the recv buffer size<br>
of "sizeof pbRecvBuffer" (64k + 12), but increasing the client supplied buffer<br>
by one, keeping the "sizeof pbRecvBuffer" as an upper bound. This way a too<br>
small recv buffer passed by the client can still be detected, but the CT API<br>
limit of 64k is not exceeded if the buffer is below 64k.<br>
<br>
Cc: Marcin Cieslak <<a href="mailto:saper@saper.info">saper@saper.info</a>><br>
---<br>
src/winscard_svc.c | 13 +++++++++++++<br>
1 file changed, 13 insertions(+)<br>
<br>
diff --git a/src/winscard_svc.c b/src/winscard_svc.c<br>
index 75e4c8e4e8e1..a623fd60f631 100644<br>
--- a/src/winscard_svc.c<br>
+++ b/src/winscard_svc.c<br>
@@ -636,7 +636,20 @@ static void ContextThread(LPVOID newContext)<br>
ioSendPci.cbPciLength = trStr.ioSendPciLength;<br>
ioRecvPci.dwProtocol = trStr.ioRecvPciProtocol;<br>
ioRecvPci.cbPciLength = trStr.ioRecvPciLength;<br>
+ /* The CT API implements a max recv buffer size of 64k,<br>
+ * while "sizeof pbRecvBuffer" is "64k + 12". This leads<br>
+ * to trunkation of max recv buffer size to "12" when<br>
+ * using "sizeof pbRecvBuffer", even if the client<br>
+ * specifies a much smaller recv buffer.<br>
+ *<br>
+ * Here we increase the client buffer by one<br>
+ * (but keeping "sizeof pbRecvBuffer" as maximum),<br>
+ * so that we can detect a too small client buffer<br>
+ * later.<br>
+ */<br>
cbRecvLength = sizeof pbRecvBuffer;<br>
+ if (cbRecvLength > trStr.pcbRecvLength + 1)<br>
+ cbRecvLength = trStr.pcbRecvLength + 1;<br>
<br>
trStr.rv = SCardTransmit(trStr.hCard, &ioSendPci,<br>
pbSendBuffer, trStr.cbSendLength, &ioRecvPci,<br>
<span class=""><font color="#888888">--<br>
2.6.2<br>
<br>
<br>
_______________________________________________<br>
Pcsclite-muscle mailing list<br>
<a href="mailto:Pcsclite-muscle@lists.alioth.debian.org">Pcsclite-muscle@lists.alioth.debian.org</a><br>
<a href="http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle" rel="noreferrer" target="_blank">http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle</a><br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"> Dr. Ludovic Rousseau</div>
</div></div></div></div></div></div></div>