[Pcsclite-git-commit] [PCSC] 01/04: SCardControl() may return SCARD_E_INSUFFICIENT_BUFFER

Tue Feb 28 17:04:42 UTC 2017

This is an automated email from the git hooks/post-receive script.

rousseau pushed a commit to branch master
in repository PCSC.

commit 09cf6c7de55f1b4ab1d8a3f86c7a56d7a8621538
Author: Ludovic Rousseau <ludovic.rousseau at free.fr>
Date:   Tue Feb 28 16:24:53 2017 +0100

    SCardControl() may return SCARD_E_INSUFFICIENT_BUFFER
    
    SCardControl() now correctly returns SCARD_E_INSUFFICIENT_BUFFER when
    pbRecvBuffer is not big enough to receive the card response.
    
    The CCID driver does the check and correctly and returned
    CM_IOCTL_GET_FEATURE_REQUEST in such a case but not all IFD Handler may
    be smart enough.
    
    This change is similar to the same change for SCardTransmit() done in
    8eb9ea1b354b050f997d003cf3b0c5b56f29f9f7 (29 mai 2015)
    
    Thanks to Maximilian Stein for the patch
    "[Pcsclite-muscle] SCardControl() should return SCARD_E_INSUFFICIENT_BUFFER similar to SCardTransmit()"
    http://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20170213/000815.html
---
 src/winscard_clnt.c | 2 +-
 src/winscard_svc.c  | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/winscard_clnt.c b/src/winscard_clnt.c
index f79ea46..04e5394 100644
--- a/src/winscard_clnt.c
+++ b/src/winscard_clnt.c
@@ -2178,7 +2178,7 @@ error:
  *
  * @return Error code.
  * @retval SCARD_S_SUCCESS Successful (\ref SCARD_S_SUCCESS)
- * @retval SCARD_E_INSUFFICIENT_BUFFER \p cbSendLength or \p cbRecvLength are too big (\ref SCARD_E_INSUFFICIENT_BUFFER)
+ * @retval SCARD_E_INSUFFICIENT_BUFFER \p cbRecvLength was not large enough for the reader response. The expected size is now in \p lpBytesReturned (\ref SCARD_E_INSUFFICIENT_BUFFER)
  * @retval SCARD_E_INVALID_HANDLE Invalid \p hCard handle (\ref SCARD_E_INVALID_HANDLE)
  * @retval SCARD_E_INVALID_PARAMETER \p pbSendBuffer is NULL or \p cbSendLength is null and the IFDHandler is version 2.0 (without \p dwControlCode) (\ref SCARD_E_INVALID_PARAMETER)
  * @retval SCARD_E_INVALID_VALUE Invalid value was presented (\ref SCARD_E_INVALID_VALUE)
diff --git a/src/winscard_svc.c b/src/winscard_svc.c
index a8f027c..7dd83e2 100644
--- a/src/winscard_svc.c
+++ b/src/winscard_svc.c
@@ -715,9 +715,15 @@ static void ContextThread(LPVOID newContext)
 
 				ctStr.rv = SCardControl(ctStr.hCard, ctStr.dwControlCode,
 					pbSendBuffer, ctStr.cbSendLength,
-					pbRecvBuffer, ctStr.cbRecvLength,
+					pbRecvBuffer, sizeof pbRecvBuffer,
 					&dwBytesReturned);
 
+				if (dwBytesReturned > ctStr.cbRecvLength)
+					/* The client buffer is not large enough.
+					 * The pbRecvBuffer buffer will NOT be sent a few
+					 * lines bellow. So no buffer overflow is expected. */
+					ctStr.rv = SCARD_E_INSUFFICIENT_BUFFER;
+
 				ctStr.dwBytesReturned = dwBytesReturned;
 
 				WRITE_BODY(ctStr);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pcsclite/PCSC.git

