Hi, after some digging and testing, I come to the conclusion that the immediate cause for the breakage I reported is the change made to the piv_general_io() function (src/libopensc/card-piv.c, expanded for context): Because rbuflen is set to zero, sc_asn1_read_tag will never read/parse an ASN.1 tag.
Reverting this single change seems to fix my problems; however, this leaves the clear possibility of overflowing receive buffers that are passed into the function. This has so far only worked by accident... Cheers, -Hilko
@@ -525,15 +525,16 @@ static int piv_general_io(sc_card_t *card, int ins, int p1, int p2, rbuflen = 0; /* in case rseplen < 3 i.e. not parseable */ if ( recvbuflen && recvbuf && apdu.resplen > 3) { *recvbuflen = 0; /* we should have all the tag data, so we have to tell sc_asn1_find_tag * the buffer is bigger, so it will not produce "ASN1.tag too long!" */ body = rbuf; - if (sc_asn1_read_tag(&body, 0xffff, &cla_out, &tag_out, &bodylen) != SC_SUCCESS) { + if (sc_asn1_read_tag(&body, rbuflen, &cla_out, &tag_out, &bodylen) != SC_SUCCESS + || body == NULL) { /* only early beta cards had this problem */ sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "***** received buffer tag MISSING "); body = rbuf; /* some readers/cards might return 6c 00 */ if (apdu.sw1 == 0x61 || apdu.sw2 == 0x6c ) bodylen = 12000; else
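Review bot: the new length bound passed to sc_asn1_read_tag is the wrong value: the unchanged context line `rbuflen = 0; /* in case rseplen < 3 i.e. not parseable */` zeroes rbuflen just before this block, and nothing in the hunk assigns it the received length, so `sc_asn1_read_tag(&body, rbuflen, ...)` is always given a zero-length buffer and fails for every card, not only the "early beta cards" the fallback comment describes. The intent of replacing the hard-coded 0xffff (a bound that allowed the parser to walk past the data actually received into rbuf) is right, but the bound should be the number of bytes really present in rbuf, i.e. the same quantity the enclosing `apdu.resplen > 3` check tests, assigned to rbuflen before the call or passed directly. The now-stale comment `/* we should have all the tag data, so we have to tell sc_asn1_find_tag the buffer is bigger ... */` should be updated in the same change, since the code no longer does that. The added `|| body == NULL` guard is a sensible addition and can stay.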