110 lines
3.3 KiB
Diff
110 lines
3.3 KiB
Diff
diff -ru pcsc-lite-1.4.102.orig//src/winscard_svc.c pcsc-lite-1.4.102/src/winscard_svc.c
|
|
--- pcsc-lite-1.4.102.orig//src/winscard_svc.c 2008-06-27 05:31:39.000000000 +0200
|
|
+++ pcsc-lite-1.4.102/src/winscard_svc.c 2010-05-26 15:04:04.000000000 +0200
|
|
@@ -385,6 +385,14 @@
|
|
dwProtocol = stStr->pdwProtocol;
|
|
cbAtrLen = stStr->pcbAtrLen;
|
|
|
|
+ /* avoids buffer overflow */
|
|
+ if ((cchReaderLen > sizeof(stStr->mszReaderNames))
|
|
+ || (cbAtrLen > sizeof(stStr->pbAtr)))
|
|
+ {
|
|
+ stStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
|
|
+ break;
|
|
+ }
|
|
+
|
|
stStr->rv = SCardStatus(stStr->hCard, stStr->mszReaderNames,
|
|
&cchReaderLen, &dwState,
|
|
&dwProtocol, stStr->pbAtr, &cbAtrLen);
|
|
@@ -400,6 +408,14 @@
|
|
rv = MSGCheckHandleAssociation(trStr->hCard, dwContextIndex);
|
|
if (rv != 0) return rv;
|
|
|
|
+ /* avoids buffer overflow */
|
|
+ if ((trStr->pcbRecvLength > sizeof(trStr->pbRecvBuffer))
|
|
+ || (trStr->cbSendLength > sizeof(trStr->pbSendBuffer)))
|
|
+ {
|
|
+ trStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
|
|
+ break;
|
|
+ }
|
|
+
|
|
ioSendPci.dwProtocol = trStr->pioSendPciProtocol;
|
|
ioSendPci.cbPciLength = trStr->pioSendPciLength;
|
|
ioRecvPci.dwProtocol = trStr->pioRecvPciProtocol;
|
|
@@ -424,6 +440,14 @@
|
|
rv = MSGCheckHandleAssociation(ctStr->hCard, dwContextIndex);
|
|
if (rv != 0) return rv;
|
|
|
|
+ /* avoids buffer overflow */
|
|
+ if ((ctStr->cbRecvLength > sizeof(ctStr->pbRecvBuffer))
|
|
+ || (ctStr->cbSendLength > sizeof(ctStr->pbSendBuffer)))
|
|
+ {
|
|
+ ctStr->rv = SCARD_E_INSUFFICIENT_BUFFER;
|
|
+ break;
|
|
+ }
|
|
+
|
|
dwBytesReturned = ctStr->dwBytesReturned;
|
|
|
|
ctStr->rv = SCardControl(ctStr->hCard, ctStr->dwControlCode,
|
|
@@ -440,6 +464,13 @@
|
|
rv = MSGCheckHandleAssociation(gsStr->hCard, dwContextIndex);
|
|
if (rv != 0) return rv;
|
|
|
|
+ /* avoids buffer overflow */
|
|
+ if (gsStr->cbAttrLen > sizeof(gsStr->pbAttr))
|
|
+ {
|
|
+ gsStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
|
|
+ break;
|
|
+ }
|
|
+
|
|
cbAttrLen = gsStr->cbAttrLen;
|
|
|
|
gsStr->rv = SCardGetAttrib(gsStr->hCard, gsStr->dwAttrId,
|
|
@@ -453,6 +484,14 @@
|
|
gsStr = ((getset_struct *) msgStruct->data);
|
|
rv = MSGCheckHandleAssociation(gsStr->hCard, dwContextIndex);
|
|
if (rv != 0) return rv;
|
|
+
|
|
+ /* avoids buffer overflow */
|
|
+ if (gsStr->cbAttrLen > sizeof(gsStr->pbAttr))
|
|
+ {
|
|
+ gsStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
|
|
+ break;
|
|
+ }
|
|
+
|
|
gsStr->rv = SCardSetAttrib(gsStr->hCard, gsStr->dwAttrId,
|
|
gsStr->pbAttr, gsStr->cbAttrLen);
|
|
break;
|
|
@@ -467,6 +506,15 @@
|
|
rv = MSGCheckHandleAssociation(treStr->hCard, dwContextIndex);
|
|
if (rv != 0) return rv;
|
|
|
|
+ /* avoids buffer overflow */
|
|
+ if ((treStr->size > sizeof(pbSendBuffer))
|
|
+ || (treStr->cbSendLength > sizeof(pbSendBuffer))
|
|
+ || (treStr->pcbRecvLength > sizeof(pbRecvBuffer)))
|
|
+ {
|
|
+ treStr->rv = SCARD_E_INSUFFICIENT_BUFFER;
|
|
+ break;
|
|
+ }
|
|
+
|
|
/* on more block to read? */
|
|
if (treStr->size > PCSCLITE_MAX_MESSAGE_SIZE)
|
|
{
|
|
@@ -548,6 +596,15 @@
|
|
rv = MSGCheckHandleAssociation(cteStr->hCard, dwContextIndex);
|
|
if (rv != 0) return rv;
|
|
|
|
+ /* avoids buffer overflow */
|
|
+ if ((cteStr->size > sizeof(pbSendBuffer))
|
|
+ || (cteStr->cbSendLength > sizeof(pbSendBuffer))
|
|
+ || (cteStr->cbRecvLength > sizeof(pbRecvBuffer)))
|
|
+ {
|
|
+ cteStr->rv = SCARD_E_INSUFFICIENT_BUFFER;
|
|
+ break;
|
|
+ }
|
|
+
|
|
/* on more block to read? */
|
|
if (cteStr->size > PCSCLITE_MAX_MESSAGE_SIZE)
|
|
{
|