SCardControl() should return SCARD_E_INSUFFICIENT_BUFFER similar to SCardTransmit()

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SCardControl() should return SCARD_E_INSUFFICIENT_BUFFER similar to SCardTransmit()

Stein, Maximilian
Hello,

I think SCardControl() should work similar to SCardTransmit() regarding
client application buffer size as in commit [1]. Depending on the
underlying IFD handler the current implementation might cause the same
incorrect behaviour as described in [1].

If the underlying IFD Handler is not correctly checking the buffer size,
the current implementation could even cause a buffer overflow in the
client application.

The attached patch solves this similar to the fix in [1].


Kind regards
Maximilian Stein

[1] 8eb9ea1b354b050f997d003cf3b0c5b56f29f9f7 - SCardTransmit() may
return SCARD_E_INSUFFICIENT_BUFFER

_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle

scardcontrol_insufficient_buffer.patch (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SCardControl() should return SCARD_E_INSUFFICIENT_BUFFER similar to SCardTransmit()

Ludovic Rousseau
2017-02-17 20:24 GMT+01:00 Maximilian Stein <[hidden email]>:
Hello,

Hello,
 

I think SCardControl() should work similar to SCardTransmit() regarding
client application buffer size as in commit [1]. Depending on the
underlying IFD handler the current implementation might cause the same
incorrect behaviour as described in [1].

If the underlying IFD Handler is not correctly checking the buffer size,
the current implementation could even cause a buffer overflow in the
client application.

The attached patch solves this similar to the fix in [1].


Kind regards
Maximilian Stein

[1] 8eb9ea1b354b050f997d003cf3b0c5b56f29f9f7 - SCardTransmit() may
return SCARD_E_INSUFFICIENT_BUFFER


You are right.
Thanks

--
 Dr. Ludovic Rousseau

_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle