pcsc-lite: backport some patches to solve some upstream problems

backport some patches to solve some upstream problems Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
2020-10-29 22:09:48 +08:00 · 2020-10-29 22:09:48 +08:00 · 14048123a2
commit 14048123a2
parent 400fdaf23b
5 changed files with 230 additions and 1 deletions
--- a/0001-Do-not-possibly-lock-a-reader-if-allocating-hCard-fa.patch
+++ b/0001-Do-not-possibly-lock-a-reader-if-allocating-hCard-fa.patch
@ -0,0 +1,78 @@
 From 36bc9446b40fa3c6ac12312b934f4d7131659087 Mon Sep 17 00:00:00 2001
 From: Ludovic Rousseau <ludovic.rousseau@free.fr>
 Date: Wed, 5 Aug 2020 17:59:41 +0200
 Subject: [PATCH 01/13] Do not (possibly) lock a reader if allocating hCard
 fails
 In case of SCardConnect() the reader may be locked in
 SCARD_SHARE_EXCLUSIVE mode if internal SCardConnect() works but
 MSGAddHandle() fails because the list of handle is full.
 You need to start pcscd with "--max-card-handle-per-reader n" with
 n > 200 or the 200 limit (default value) will be hit in internal
 SCardConnect() and MSGAddHandle() would not be called.
 Thanks to Maksim Ivanov for the bug report
 "[Pcsclite-muscle] SCardConnect behavior with invalid contexts"
 http://lists.infradead.org/pipermail/pcsclite-muscle/2020-July/001095.html
 " Hello,
 I believe that there's a potential problem with the SCardConnect
 implementation that it doesn't check the received SCARDCONTEXT
 *before* executing the command. This might result in an unexpected
 state, where the SCardConnect() caller receives an error code
 meanwhile the connection to the card is actually established (which,
 for example, might be an exclusive connection that prevents anyone
 else from connecting to the card).
 In detail, the ContextThread() function in winscard_svc.c, when
 receiving the SCARD_CONNECT command, calls first SCardConnect() from
 winscard.c, and then MSGAddHandle(). The former ignores SCARDCONTEXT
 and, if possible, establishes a connection to the card. The latter
 does check the SCARDCONTEXT value, but this happens after the
 connection is already established, and its error is just returned to
 the caller (without closing the just-opened connection).
 Would it make sense to add a check of SCARDCONTEXT before calling
 SCardConnect(), and/or to call SCardDisconnect() if MSGAddHandle()
 fails?
 Regards,
 Maksim "
 ---
 src/winscard_svc.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
 diff --git a/src/winscard_svc.c b/src/winscard_svc.c
 index cdeac33..c0df008 100644
 --- a/src/winscard_svc.c
 +++ b/src/winscard_svc.c
@@ -507,9 +507,15 @@ static void * ContextThread(LPVOID newContext)
 				coStr.dwActiveProtocol = dwActiveProtocol;
 				if (coStr.rv == SCARD_S_SUCCESS)
 +				{
 					coStr.rv = MSGAddHandle(coStr.hContext, coStr.hCard,
 						threadContext);
 +					/* if storing the hCard fails we disconnect */
 +					if (coStr.rv != SCARD_S_SUCCESS)
 +						SCardDisconnect(coStr.hCard, SCARD_LEAVE_CARD);
 +				}
 +
 				WRITE_BODY(coStr);
 			}
 			break;
@@ -963,7 +969,7 @@ static LONG MSGAddHandle(SCARDCONTEXT hContext, SCARDHANDLE hCard,
 		if (listLength >= contextMaxCardHandles)
 		{
 			Log4(PCSC_LOG_DEBUG,
 -				"Too many card handles for thread context @%p: %d (max is %d)"
 +				"Too many card handles for thread context @%p: %d (max is %d). "
 				"Restart pcscd with --max-card-handle-per-thread value",
 				threadContext, listLength, contextMaxCardHandles);
 			retval = SCARD_E_NO_MEMORY;
 -- 
 1.8.3.1
--- a/0002-Fix-a-hang-in-SCardTransmit.patch
+++ b/0002-Fix-a-hang-in-SCardTransmit.patch
@ -0,0 +1,56 @@
 From 38dfe5c1f474db519e1f7e31cf714ba5d4c6cfa4 Mon Sep 17 00:00:00 2001
 From: Ludovic Rousseau <ludovic.rousseau@free.fr>
 Date: Wed, 5 Aug 2020 18:57:30 +0200
 Subject: [PATCH 02/13] Fix a hang in SCardTransmit()
 In some special conditions it is possible to make SCardTransmit() to
 hang forever in pcscd and generates a denial of service.
 I was able to reproduce the problem using a sample C code.
 Thanks to Maksim Ivanov for the bug report
 "[Pcsclite-muscle] Potential hang in SCardTransmit"
 http://lists.infradead.org/pipermail/pcsclite-muscle/2020-July/001096.html
 " Hello,
 It seems that there's (at least half-hypothetical) scenario when
 SCardTransmit may hang.
 The combination is:
 the service's |readerState| is (SCARD_PRESENT | SCARD_POWERED |
 SCARD_NEGOTIABLE);
 the service's |cardProtocol| is SCARD_PROTOCOL_UNDEFINED (right after
 power-up);
 the caller's |pioSendPci->dwProtocol| is SCARD_PROTOCOL_ANY_OLD.
 In that case, the hang happens in the loop that attempts to find the
 highest bit in the |cardProtocol| value; it doesn't handle the case
 when the latter is zero:
 https://salsa.debian.org/rousseau/PCSC/-/blob/467df10d439f6d739cd48a51f2b3dd543b1a64ce/src/winscard.c#L1583
 P.S. Sorry if I misunderstood something and this case can never occur
 in practice.
 Regards,
 Maksim "
 ---
 src/winscard.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/winscard.c b/src/winscard.c
 index 9f24cd7..3b88554 100644
 --- a/src/winscard.c
 +++ b/src/winscard.c
@@ -1580,7 +1580,7 @@ LONG SCardTransmit(SCARDHANDLE hCard, const SCARD_IO_REQUEST *pioSendPci,
 		unsigned long i;
 		unsigned long prot = rContext->readerState->cardProtocol;
 -		for (i = 0 ; prot != 1 ; i++)
 +		for (i = 0 ; prot != 1 && i < 16; i++)
 			prot >>= 1;
 		sSendPci.Protocol = i;
 -- 
 1.8.3.1
--- a/0003-ATRDecodeAtr-always-initialize-the-return-values.patch
+++ b/0003-ATRDecodeAtr-always-initialize-the-return-values.patch
@ -0,0 +1,52 @@
 From a706455f31178ab35f07e3e6e76bd4a35d7ef3da Mon Sep 17 00:00:00 2001
 From: Ludovic Rousseau <ludovic.rousseau@free.fr>
 Date: Sat, 8 Aug 2020 15:11:53 +0200
 Subject: [PATCH 03/13] ATRDecodeAtr: always initialize the return values
 Always set a value to availableProtocols and currentProtocol before any
 return in error.
 Thanks to Maksim Ivanov for the bug report
 "[Pcsclite-muscle] Missing checks of ATRDecodeAtr returns"
 http://lists.infradead.org/pipermail/pcsclite-muscle/2020-July/001097.html
 " Hello,
 The callers of the ATRDecodeAtr() function (SCardConnect() and
 SCardReconnect() in winscard.c) don't check its return value, which
 might potentially cause reads of uninitialized variables
 |availableProtocols| and |defaultProtocol| and unexpected side
 effects.
 Regards,
 Maksim "
 ---
 src/atrhandler.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 diff --git a/src/atrhandler.c b/src/atrhandler.c
 index 2ebc440..1e0654d 100644
 --- a/src/atrhandler.c
 +++ b/src/atrhandler.c
@@ -75,15 +75,15 @@ short ATRDecodeAtr(int *availableProtocols, int *currentProtocol,
 		LogXxd(PCSC_LOG_DEBUG, "ATR: ", pucAtr, dwLength);
 #endif
 -	if (dwLength < 2)
 -		return 0;	/** @retval 0 Atr must have TS and T0 */
 -
 	/*
 	 * Zero out the bitmasks
 	 */
 	*availableProtocols = SCARD_PROTOCOL_UNDEFINED;
 	*currentProtocol = SCARD_PROTOCOL_UNDEFINED;
 +	if (dwLength < 2)
 +		return 0;	/** @retval 0 Atr must have TS and T0 */
 +
 	/*
 	 * Decode the TS byte
 	 */
 -- 
 1.8.3.1
--- a/0004-EHUnregisterClientForEvent-correctly-handle-EHTryToU.patch
+++ b/0004-EHUnregisterClientForEvent-correctly-handle-EHTryToU.patch
@ -0,0 +1,36 @@
 From 278b55a87a5f4b9bd86513f7d8f9ab7d66558602 Mon Sep 17 00:00:00 2001
 From: Ludovic Rousseau <ludovic.rousseau@free.fr>
 Date: Sat, 8 Aug 2020 17:37:40 +0200
 Subject: [PATCH 05/13] EHUnregisterClientForEvent: correctly handle
 EHTryToUnregisterClientForEvent
 EHTryToUnregisterClientForEvent() returns SCARD_S_SUCCESS or
 SCARD_F_INTERNAL_ERROR but never a negative value.
 Thanks to Valerii Zapodovnikov for the bug report
 "Code cleanup"
 https://salsa.debian.org/rousseau/PCSC/-/issues/19
 " https://salsa.debian.org/rousseau/PCSC/-/blob/master/src/eventhandler.c#L107
 rv < 0 is always false, because on line 94 there SCARD_F_INTERNAL_ERROR
 is ((LONG)0x80100001 and SCARD_S_SUCCESS is ((LONG)0x00000000). "
 ---
 src/eventhandler.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/eventhandler.c b/src/eventhandler.c
 index 932d30b..8d450d5 100644
 --- a/src/eventhandler.c
 +++ b/src/eventhandler.c
@@ -104,7 +104,7 @@ LONG EHUnregisterClientForEvent(int32_t filedes)
 {
 	LONG rv = EHTryToUnregisterClientForEvent(filedes);
 -	if (rv < 0)
 +	if (rv != SCARD_S_SUCCESS)
 		Log2(PCSC_LOG_ERROR, "Can't remove client: %d", filedes);
 	return rv;
 -- 
 1.8.3.1
--- a/pcsc-lite.spec
+++ b/pcsc-lite.spec
@ -1,6 +1,6 @@
 Name:           pcsc-lite
 Version:        1.9.0
-Release:        1
+Release:        2
 Summary:        Middleware to access a smart card using SCard API (PC/SC)
 License:        BSD
 URL:            https://pcsclite.apdu.fr/
@ -19,6 +19,10 @@ Provides:       pcsc-lite-libs%{?_isa} pcsc-lite-libs
 Obsoletes:      pcsc-lite-libs
 Patch0:      0000-pcsc-lite-change-to-use-python3-for-pcsc-spy.patch
 Patch1:      0001-Do-not-possibly-lock-a-reader-if-allocating-hCard-fa.patch
 Patch2:      0002-Fix-a-hang-in-SCardTransmit.patch
 Patch3:      0003-ATRDecodeAtr-always-initialize-the-return-values.patch
 Patch4:      0004-EHUnregisterClientForEvent-correctly-handle-EHTryToU.patch
 %description
 PC/SC Lite is a middleware to access a smart card using SCard API (PC/SC).
@ -112,6 +116,9 @@ mkdir -p %{buildroot}/%{_localstatedir}/run/pcscd
 %changelog
 * Thu Oct 29 2020 Zhiqiang Liu <liuzhiqiang26@huawei.com> - 1.9.0-2
 - backport some patches to solve some upstream problems
 * Tue Jul 21 2020 jixinjie <jixinjie@huawei.com> - 1.9.0-1
 - update package to 1.9.0