Andreas Jellinghaus wrote:
not sure the code is now 100% correct.
the old code looks wrong to me, it could have
led towards accessing a buffer beyond its length.
but: do we need to add some error handling for
the case that the len > apdu->resplen?
hmm, could this happen? Could the returned buffer size really be
larger than the size of the buffer given to the transmit function
as we should have (using the names from reader-pcsc.c):
len <= rsize <= apdu->resplen + 2
...
@@ -224,11 +226,10 @@
apdu->sw2 = (unsigned int)buf[len - 1];
len -= 2;
/* set output length and copy the returned data if necessary */
- if (len <= apdu->resplen)
+ if (apdu->resplen >= len) {
apdu->resplen = len;
-
- if (apdu->resplen != 0)
memcpy(apdu->resp, buf, apdu->resplen);
+ }
return SC_SUCCESS;
}
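Review bot: The new "if (apdu->resplen >= len) {" has no else branch, so when len > apdu->resplen the function skips the memcpy, leaves apdu->resplen at its old value and still returns SC_SUCCESS. The caller is then told that apdu->resplen bytes of apdu->resp are valid although nothing was written there. The removed lines copied the first apdu->resplen bytes in that case, which truncates the response but stays within apdu->resp as long as apdu->resplen is that buffer's size. Either return an error for the oversized response or keep the truncating copy, and state in the comment which one is intended. Dropping the "if (apdu->resplen != 0)" guard also means memcpy is now called with a length of 0 for status-only responses, which is only safe if apdu->resp is a valid pointer in that case.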
I don't see a problem with the old code
Cheers,
Nils