Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Maliku
pcsc-ccid
0001-Revert-CCID_Transmit-call-memcpy-only-with...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Revert-CCID_Transmit-call-memcpy-only-with-a-non-NUL.patch of Package pcsc-ccid
From c9f85e69618bc06132698cdb2fddc51a754d4dcf Mon Sep 17 00:00:00 2001 From: Cameron Rapp <camspam@redhyena.net> Date: Fri, 24 Nov 2023 18:33:51 -0800 Subject: [PATCH] Revert "CCID_Transmit: call memcpy() only with a non-NULL src" This reverts commit 1931e55b864d883d309e6c1c4064a63c84ad3fc7. Revert "Fix potential memcpy call with null dest" This reverts commit 53ce26d7d004075d8387887b0c509b117b72a878. Support extended APDU for OmniKey 3021/3121 --- src/commands.c | 69 +++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 54 insertions(+), 15 deletions(-) diff --git a/src/commands.c b/src/commands.c index 1999094..a06f554 100644 --- a/src/commands.c +++ b/src/commands.c @@ -1315,8 +1315,13 @@ RESPONSECODE CmdXfrBlock(unsigned int reader_index, unsigned int tx_length, break; case CCID_CLASS_SHORT_APDU: - return_value = CmdXfrBlockTPDU_T0(reader_index, - tx_length, tx_buffer, rx_length, rx_buffer); + if ((CARDMAN3121 == ccid_descriptor->readerID) && (protocol == T_1)) + return_value = CmdXfrBlockTPDU_T1(reader_index, tx_length, + tx_buffer, rx_length, rx_buffer); + else + return_value = CmdXfrBlockTPDU_T0(reader_index, + tx_length, tx_buffer, rx_length, rx_buffer); + break; case CCID_CLASS_EXTENDED_APDU: @@ -1352,7 +1357,8 @@ RESPONSECODE CmdXfrBlock(unsigned int reader_index, unsigned int tx_length, RESPONSECODE CCID_Transmit(unsigned int reader_index, unsigned int tx_length, const unsigned char tx_buffer[], unsigned short rx_length, unsigned char bBWI) { - unsigned char cmd[10+tx_length]; /* CCID + APDU buffer */ + unsigned char cmd[11+tx_length]; /* CCID + APDU buffer */ + size_t cmdlen; _ccid_descriptor *ccid_descriptor = get_ccid_descriptor(reader_index); status_t ret; @@ -1399,18 +1405,34 @@ RESPONSECODE CCID_Transmit(unsigned int reader_index, unsigned int tx_length, } #endif - cmd[0] = 0x6F; /* XfrBlock */ - i2dw(tx_length, cmd+1); /* APDU length */ - cmd[5] = ccid_descriptor->bCurrentSlotIndex; /* slot number */ - cmd[6] = (*ccid_descriptor->pbSeq)++; - cmd[7] = bBWI; /* extend block waiting timeout */ - cmd[8] = rx_length & 0xFF; /* Expected length, in character mode only */ - cmd[9] = (rx_length >> 8) & 0xFF; + if ((CARDMAN3121 == ccid_descriptor->readerID) + && (SCARD_PROTOCOL_T1 == ccid_descriptor->cardProtocol)) + { + cmd[0] = 0x6B; /* Escape */ + i2dw(tx_length+1, cmd+1); /* APDU length */ + cmd[5] = ccid_descriptor->bCurrentSlotIndex; /* slot number */ + cmd[6] = (*ccid_descriptor->pbSeq)++; + cmd[7] = cmd[8] = cmd[9] = 0x00; /* RFU */ + cmd[10] = 0x1A; /* custom cmd "send TPDU" */ - if (tx_buffer) - memcpy(cmd+10, tx_buffer, tx_length); + cmdlen = 11; + } + else + { + cmd[0] = 0x6F; /* XfrBlock */ + i2dw(tx_length, cmd+1); /* APDU length */ + cmd[5] = ccid_descriptor->bCurrentSlotIndex; /* slot number */ + cmd[6] = (*ccid_descriptor->pbSeq)++; + cmd[7] = bBWI; /* extend block waiting timeout */ + cmd[8] = rx_length & 0xFF; /* Expected length, in character mode only */ + cmd[9] = (rx_length >> 8) & 0xFF; - ret = WritePort(reader_index, 10+tx_length, cmd); + cmdlen = 10; + } + + memcpy(cmd+cmdlen, tx_buffer, tx_length); + + ret = WritePort(reader_index, cmdlen+tx_length, cmd); CHECK_STATUS(ret) return IFD_SUCCESS; @@ -1425,7 +1447,7 @@ RESPONSECODE CCID_Transmit(unsigned int reader_index, unsigned int tx_length, RESPONSECODE CCID_Receive(unsigned int reader_index, unsigned int *rx_length, unsigned char rx_buffer[], unsigned char *chain_parameter) { - unsigned char cmd[10+CMD_BUF_SIZE]; /* CCID + APDU buffer */ + unsigned char cmd[11+CMD_BUF_SIZE]; /* CCID + APDU buffer */ unsigned int length; RESPONSECODE return_value = IFD_SUCCESS; status_t ret; @@ -1624,7 +1646,13 @@ time_request: length = dw2i(cmd, 1); if (length <= *rx_length) + { *rx_length = length; + + if ((CARDMAN3121 == ccid_descriptor->readerID) + && (SCARD_PROTOCOL_T1 == ccid_descriptor->cardProtocol)) + *rx_length--; + } else { DEBUG_CRITICAL2("overrun by %d bytes", length - *rx_length); @@ -1639,8 +1667,13 @@ time_request: return_value = IFD_COMMUNICATION_ERROR; } else - if (length) + { + if ((CARDMAN3121 == ccid_descriptor->readerID) + && (SCARD_PROTOCOL_T1 == ccid_descriptor->cardProtocol)) + memcpy(rx_buffer, cmd+11, length-1); + else memcpy(rx_buffer, cmd+10, length); + } /* Extended case? * Only valid for RDR_to_PC_DataBlock frames */ @@ -1822,6 +1855,12 @@ static RESPONSECODE CmdXfrBlockTPDU_T0(unsigned int reader_index, } else #endif + if (CARDMAN3121 == ccid_descriptor->readerID) + { + DEBUG_CRITICAL3("Ignoring dwMaxCCDMessageLength (tx=%d, max=%d)", + tx_length, ccid_descriptor->dwMaxCCIDMessageLength-10); + } + else { DEBUG_CRITICAL3("Command too long (%d bytes) for max: %d bytes", tx_length, ccid_descriptor->dwMaxCCIDMessageLength-10); -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor