found possible bug

found possible bug

Wolfgang Pichler
Hi all,

Struggling with my Gemalto stick (as in my previous mail) - I found a possible bug - for which I now created a workaround - because I don’t know the exact source for the problem.

In libccid-1.4.22

in src/ccid_usb.c - in the ReadUSB Function

For whatever reason - it got called for my stick with a value of 65556 (the main thing here will be to find out why it does like to read that many bytes…)

The call to libusb_bulk_transfer failed then - but did not return something negative - only 0 bytes.

libusb_bulk_transfer is defined with the length as int (not unsigned int!) - for whatever reason

so the unsigned int value will get a negative value - so the libusb_bulk_transfer will return with 0 bytes because it cannot read a negative number of bytes (this sounds clear to me)

So - quick and dirty - I added a check if the value is greater than 4096 - then make the length=4096 - and do read

--- ccid-1.4.22/src/ccid_usb.c 2016-01-10 13:26:09.000000000 +0000
+++ ccid-1.4.22-patched/src/ccid_usb.c 2017-02-18 18:02:40.225678226 +0000
@@ -800,7 +800,9 @@
 read_again:
  (void)snprintf(debug_header, sizeof(debug_header), "<- %06X ",
  (int)reader_index);
-
+ if (*length > 4096) {
+ *length = 4096;
+ }
  rv = libusb_bulk_transfer(usbDevice[reader_index].dev_handle,
  usbDevice[reader_index].bulk_in, buffer, *length,
  &actual_length, usbDevice[reader_index].ccid.readTimeout);
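
Review bot: The clamp at `if (*length > 4096)` writes the cap back through the caller's `*length` pointer and uses a bare constant that is not tied to the size of `buffer`. A local variable for the length passed to `libusb_bulk_transfer`, bounded by a named constant that matches the real buffer size, would leave the caller's value untouched and make the limit reviewable. As written, the change also hides whatever made the caller request 65556 bytes rather than rejecting or reporting it.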


At the start it does throw this failure

00000020 ccid.c:212:set_gemalto_firmware_features() GET_FIRMWARE_FEATURES failed: 612, len=0

Maybe because of this it does not know the max size which it could read from the device?

br,
Wolfgang



_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle

Re: found possible bug

Ludovic Rousseau
2017-02-18 19:06 GMT+01:00 Wolfgang Pichler <[hidden email]>:
Hi all,

Hello,
 

Struggling with my Gemalto stick (as in my previous mail) - I found a possible bug - for which I now created a workaround - because I don’t know the exact source for the problem.

In libccid-1.4.22

in src/ccid_usb.c - in the ReadUSB Function

For whatever reason - it got called for my stick with a value of 65556 (the main thing here will be to find out why it does like to read that many bytes…)

The call to libusb_bulk_transfer failed then - but did not return something negative - only 0 bytes.

libusb_bulk_transfer is defined with the length as int (not unsigned int!) - for whatever reason

This change is planned for a next major version of libusb: use size_t instead of int for a buffer size.

Note that 65556 can easily be stored in a 4-byte int.

 
so the unsigned int value will get a negative value - so the libusb_bulk_transfer will return with 0 bytes because it cannot read a negative number of bytes (this sounds clear to me)

Your int is a 2-byte value?
What platform are you using?
 

So - quick and dirty - I added a check if the value is greater than 4096 - then make the length=4096 - and do read

--- ccid-1.4.22/src/ccid_usb.c  2016-01-10 13:26:09.000000000 +0000
+++ ccid-1.4.22-patched/src/ccid_usb.c  2017-02-18 18:02:40.225678226 +0000
@@ -800,7 +800,9 @@
 read_again:
        (void)snprintf(debug_header, sizeof(debug_header), "<- %06X ",
                (int)reader_index);
-
+       if (*length > 4096) {
+               *length = 4096;
+       }
        rv = libusb_bulk_transfer(usbDevice[reader_index].dev_handle,
                usbDevice[reader_index].bulk_in, buffer, *length,
                &actual_length, usbDevice[reader_index].ccid.readTimeout);
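
Review bot: The added `if (*length > 4096)` block carries no comment saying why 4096 was chosen, and it truncates silently, so a pcscd log taken with the patch applied would no longer show the oversized request. A one-line comment on the limit plus a debug message that prints the original `*length` before it is capped would keep that information available for diagnosis.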


At the start it does throw this failure

00000020 ccid.c:212:set_gemalto_firmware_features() GET_FIRMWARE_FEATURES failed: 612, len=0

Maybe because of this it does not know the max size which it could read from the device?

Can you provide a full pcscd log (without any code change)?

Thanks

--
 Dr. Ludovic Rousseau
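
Added example (not part of either message, and not code from libccid or libusb): the arithmetic behind the int-width question raised in the reply, together with one way to validate an unsigned length before passing it to a function whose length parameter is `int`. The helper names and the buffer sizes are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Value a two's-complement signed integer of `bits` width (bits < 64) holds
 * after an unsigned value is converted to it. Computed arithmetically so the
 * result does not depend on the int width of the machine running this. */
static long long as_signed_bits(unsigned long long v, unsigned bits)
{
    unsigned long long mod = 1ULL << bits;
    unsigned long long low = v % mod;
    return low >= mod / 2 ? (long long)low - (long long)mod : (long long)low;
}

/* Hypothetical helper (not a libccid or libusb function): validate an
 * unsigned length before handing it to an API whose length parameter is int.
 * Returns 0 and stores the value in *out, or -1 if it cannot be represented
 * as int or is larger than the receive buffer. */
static int checked_transfer_len(unsigned int requested, size_t buf_size,
                                int *out)
{
    if (requested > (unsigned int)INT_MAX)
        return -1;              /* would not survive conversion to int */
    if ((size_t)requested > buf_size)
        return -1;              /* asks for more than the buffer can hold */
    *out = (int)requested;
    return 0;
}

int main(void)
{
    int len = 0;
    /* 65556 is the length reported in the thread; the buffer sizes below
     * are constructed sample values, not taken from libccid. */
    printf("65556 as 16-bit int: %lld\n", as_signed_bits(65556ULL, 16));
    printf("65556 as 32-bit int: %lld\n", as_signed_bits(65556ULL, 32));
    printf("fits 70000-byte buffer: %d\n",
           checked_transfer_len(65556u, 70000, &len));
    printf("fits 4096-byte buffer:  %d\n",
           checked_transfer_len(65556u, 4096, &len));
    return 0;
}
```

On a two's-complement 16-bit int, 65556 wraps to 20, and on a 32-bit int it is unchanged.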
