[Pcsclite-git-commit] [CCID] 01/01: CmdEscapeCheck(): signals buffer overflow

[Ludovic Rousseau]

This is an automated email from the git hooks/post-receive script.

rousseau pushed a commit to branch master
in repository CCID.

commit b15c8f96ca80005c3da024c031e9607051a9fe1a
Author: Ludovic Rousseau <ludovic.rousseau at free.fr>
Date:   Tue Feb 28 16:46:20 2017 +0100

    CmdEscapeCheck(): signals buffer overflow
    
    If the RxBuffer[] buffer is too small to contain the reader response
    then IFD_ERROR_INSUFFICIENT_BUFFER is returned.
    
    Before the patch the returned buffer was silently truncated and
    IFD_SUCCESS was returned.
    
    Thanks to Maximilian Stein for the bug report
    "[Pcsclite-muscle] libccid IFDHControl() / CmdEscape() might truncate reader response"
    http://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20170213/000816.html
---
 src/commands.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/commands.c b/src/commands.c
index 0dea038..4c58b39 100644
--- a/src/commands.c
+++ b/src/commands.c
@@ -1008,7 +1008,10 @@ time_request:
 	/* copy the response */
 	length_out = dw2i(cmd_out, 1);
 	if (length_out > *RxLength)
+	{
 		length_out = *RxLength;
+		return_value = IFD_ERROR_INSUFFICIENT_BUFFER;
+	}
 	*RxLength = length_out;
 	memcpy(RxBuffer, &cmd_out[10], length_out);
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pcsclite/CCID.git