From 09a6323de16c720e68abea8deb78b864942bd3da Mon Sep 17 00:00:00 2001 From: Ludovic Rousseau Date: Sat, 8 Aug 2020 16:28:32 +0200 Subject: [PATCH 2/6] CmdGetSlotStatus: fix potential read of uninitialized buffer If the command SlotStatus fails then we report: card absent. The problem was only present for a ICCD type B reader. Thanks to Maksim Ivanov for the bug report "[Pcsclite-muscle] Insufficient checks in CCID" http://lists.infradead.org/pipermail/pcsclite-muscle/2020-August/001098.html " Hello, The CCID free software driver is missing a few checks and graceful handling of some error cases: 4. Read of uninitialized buffer in CmdGetSlotStatus() at https://salsa.debian.org/rousseau/CCID/-/blob/4d5cbf703c268b31c734931166c52dcb9920c0fe/src/commands.c#L1201 - in case when the control transfer returned only 1 instead of 3 bytes. " --- src/commands.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/commands.c b/src/commands.c index c00c2d5..cbbb19a 100644 --- a/src/commands.c +++ b/src/commands.c @@ -1182,7 +1182,7 @@ again_status: if (PROTOCOL_ICCD_B == ccid_descriptor->bInterfaceProtocol) { int r; - unsigned char buffer_tmp[3]; + unsigned char buffer_tmp[3] = {0, 2, 0}; /* SlotStatus */ r = ControlUSB(reader_index, 0xA1, 0x81, 0, buffer_tmp, -- 1.8.3.1
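Review bot: The initializer `{0, 2, 0}` on the `buffer_tmp` declaration uses magic values with no comment explaining them. Going by the commit message, the 2 in the second byte is what makes a failed SlotStatus read as "card absent", so a short comment on that line naming the byte and its meaning would keep a later cleanup from "simplifying" it to `{0}` and reintroducing the bug. The hunk also does not show whether `r` from `ControlUSB()` is compared against the expected 3 bytes. If it is not, an explicit check such as `r < (int)sizeof(buffer_tmp)` would handle the 1-byte transfer described in the bug report directly, instead of relying on the defaults surviving in the bytes the device did not write. Note that in the 1-byte case the first byte still comes from the device while the other two are the defaults, so the code after the transfer should not assume that all three bytes came from the same source.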