Package: libtowitoko2
Version: 2.0.7-9
Severity: grave
Tags: patch

pcscd nowadays passes in buffers much larger than can be represented in an unsigned short when communicating with the card reader, but libtowitoko2 simply casts the length to an unsigned short, which leads to overflow/truncation of the buffer size and thus to complete failure to use the Towitoko reader using this driver.
The attached patch simply limits the buffer sizes that are passed into the driver to what can be represented in unsigned shorts, which makes it all work again for me.
diff --git a/src/ifd-handler/ifdhandler.c b/src/ifd-handler/ifdhandler.c
index 5fc0299..b3dbcaa 100644
--- a/src/ifd-handler/ifdhandler.c
+++ b/src/ifd-handler/ifdhandler.c
@@ -33,6 +33,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include <limits.h>
 #ifdef HAVE_PTHREAD_H
 #include <pthread.h>
 #endif
@@ -497,15 +498,24 @@ IFDHTransmitToICC (DWORD Lun, SCARD_IO_HEADER SendPci,
 #endif
 dad = (UCHAR) ((slot == 0) ? 0x00 : slot + 1);
 sad = 0x02;
- lr = (unsigned short) (*RxLength);
- lc = (unsigned short) TxLength;
-
- ret = CT_data (ctn, &dad, &sad, lc, TxBuffer, &lr, RxBuffer);
-
- if (ret == OK)
+ lr = ((*RxLength) > USHRT_MAX) ? USHRT_MAX : ((unsigned short) (*RxLength));
+ if (TxLength <= USHRT_MAX)
 {
- (*RxLength) = lr;
- rv = IFD_SUCCESS;
+ lc = (unsigned short) TxLength;
+
+ ret = CT_data (ctn, &dad, &sad, lc, TxBuffer, &lr, RxBuffer);
+
+ if (ret == OK)
+ {
+ (*RxLength) = lr;
+ rv = IFD_SUCCESS;
+ }
+
+ else
+ {
+ (*RxLength) = 0;
+ rv = IFD_COMMUNICATION_ERROR;
+ }
 }
 else
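Review bot: The two lengths are handled differently in the second hunk and the new code does not say why: `lr` is clamped to `USHRT_MAX`, while a `TxLength` above `USHRT_MAX` skips `CT_data` altogether. The asymmetry looks deliberate, since a smaller receive limit is harmless whereas clamping `lc` would hand the card a truncated command, so it deserves a comment above the `lr` assignment, e.g. `/* CT_data takes unsigned short lengths: cap the receive size, but refuse an oversized command instead of truncating it */`. The oversized-transmit case now falls through to the trailing `else`, whose body lies outside the hunk; presumably that is the existing error branch that zeroes `*RxLength` and sets `IFD_COMMUNICATION_ERROR`, which is worth confirming because the caller then cannot tell a rejected length from a reader fault. IFDHTransmitToICC begins before the hunk and continues after it.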