bb02a0e9fc
backport some patches to fix some potential problems. Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
43 lines
1.3 KiB
Diff
43 lines
1.3 KiB
Diff
From 09a6323de16c720e68abea8deb78b864942bd3da Mon Sep 17 00:00:00 2001
|
|
From: Ludovic Rousseau <ludovic.rousseau@free.fr>
|
|
Date: Sat, 8 Aug 2020 16:28:32 +0200
|
|
Subject: [PATCH 2/6] CmdGetSlotStatus: fix potential read of uninitialized
|
|
buffer
|
|
|
|
If the command SlotStatus fails then we report: card absent.
|
|
The problem was only present for a ICCD type B reader.
|
|
|
|
Thanks to Maksim Ivanov for the bug report
|
|
"[Pcsclite-muscle] Insufficient checks in CCID"
|
|
http://lists.infradead.org/pipermail/pcsclite-muscle/2020-August/001098.html
|
|
|
|
" Hello,
|
|
|
|
The CCID free software driver is missing a few checks and graceful
|
|
handling of some error cases:
|
|
|
|
4. Read of uninitialized buffer in CmdGetSlotStatus() at
|
|
https://salsa.debian.org/rousseau/CCID/-/blob/4d5cbf703c268b31c734931166c52dcb9920c0fe/src/commands.c#L1201
|
|
- in case when the control transfer returned only 1 instead of 3
|
|
bytes. "
|
|
---
|
|
src/commands.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/commands.c b/src/commands.c
|
|
index c00c2d5..cbbb19a 100644
|
|
--- a/src/commands.c
|
|
+++ b/src/commands.c
|
|
@@ -1182,7 +1182,7 @@ again_status:
|
|
if (PROTOCOL_ICCD_B == ccid_descriptor->bInterfaceProtocol)
|
|
{
|
|
int r;
|
|
- unsigned char buffer_tmp[3];
|
|
+ unsigned char buffer_tmp[3] = {0, 2, 0};
|
|
|
|
/* SlotStatus */
|
|
r = ControlUSB(reader_index, 0xA1, 0x81, 0, buffer_tmp,
|
|
--
|
|
1.8.3.1
|
|
|