[Pcsclite-git-commit] [CCID] 01/01: CmdEscapeCheck(): signals buffer overflow
Ludovic Rousseau
rousseau at moszumanska.debian.org
Tue Feb 28 17:04:22 UTC 2017
This is an automated email from the git hooks/post-receive script.
rousseau pushed a commit to branch master
in repository CCID.
commit b15c8f96ca80005c3da024c031e9607051a9fe1a
Author: Ludovic Rousseau <ludovic.rousseau at free.fr>
Date: Tue Feb 28 16:46:20 2017 +0100
CmdEscapeCheck(): signals buffer overflow
If the RxBuffer[] buffer is too small to contain the reader response
then IFD_ERROR_INSUFFICIENT_BUFFER is returned.
Before the patch the returned buffer was silently truncated and
IFD_SUCCESS was returned.
Thanks to Maximilian Stein for the bug report
"[Pcsclite-muscle] libccid IFDHControl() / CmdEscape() might truncate reader response"
http://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20170213/000816.html
---
src/commands.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/commands.c b/src/commands.c
index 0dea038..4c58b39 100644
--- a/src/commands.c
+++ b/src/commands.c
@@ -1008,7 +1008,10 @@ time_request:
/* copy the response */
length_out = dw2i(cmd_out, 1);
if (length_out > *RxLength)
+ {
length_out = *RxLength;
+ return_value = IFD_ERROR_INSUFFICIENT_BUFFER;
+ }
*RxLength = length_out;
memcpy(RxBuffer, &cmd_out[10], length_out);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pcsclite/CCID.git
More information about the Pcsclite-cvs-commit
mailing list