In commit:

    8eb9ea1b354b SCardTransmit() may return SCARD_E_INSUFFICIENT_BUFFER

the recv buffer size, passed to the SCardTransmit() function, is set
unconditionally to "sizeof pbRecvBuffer", which is 64k + 12. This leads to
problems when the CT API is used in the lower layers, as the CT API implements
a maximum recv buffer size of 64k.

This leads to the truncation of the recv buffer size to 12. If the client has
supplied a buffer of >12 bytes, resulting in truncated reads. This patch tries
to work around the problem, by not unconditionally passing the recv buffer size
of "sizeof pbRecvBuffer" (64k + 12), but increasing the client supplied buffer
by one, keeping the "sizeof pbRecvBuffer" as an upper bound. This way a too
small recv buffer passed by the client can still be detected, but the CT API
limit of 64k is not exceeded if the buffer is below 64k.

Cc: Marcin Cieslak <[email protected]>
---
 src/winscard_svc.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/winscard_svc.c b/src/winscard_svc.c
index 75e4c8e4e8e1..a623fd60f631 100644
--- a/src/winscard_svc.c
+++ b/src/winscard_svc.c
@@ -636,7 +636,20 @@ static void ContextThread(LPVOID newContext)
                                ioSendPci.cbPciLength = trStr.ioSendPciLength;
                                ioRecvPci.dwProtocol = trStr.ioRecvPciProtocol;
                                ioRecvPci.cbPciLength = trStr.ioRecvPciLength;
+                               /* The CT API implements a max recv buffer size 
of 64k,
+                                * while "sizeof pbRecvBuffer" is "64k + 12". 
This leads
+                                * to trunkation of max recv buffer size to 
"12" when
+                                * using "sizeof pbRecvBuffer", even if the 
client
+                                * specifies a much smaller recv buffer.
+                                *
+                                * Here we increase the client buffer by one
+                                * (but keeping "sizeof pbRecvBuffer" as 
maximum),
+                                * so that we can detect a too small client 
buffer
+                                * later.
+                                */
                                cbRecvLength = sizeof pbRecvBuffer;
+                               if (cbRecvLength > trStr.pcbRecvLength + 1)
+                                       cbRecvLength = trStr.pcbRecvLength + 1;
 
                                trStr.rv = SCardTransmit(trStr.hCard, 
&ioSendPci,
                                        pbSendBuffer, trStr.cbSendLength, 
&ioRecvPci,
-- 
2.6.2


_______________________________________________
Pcsclite-muscle mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle

Reply via email to