Attachment #163130 for bug #204552

View | Details | Raw Unified | Return to bug 204552
Collapse All | Expand All

Lines 3-9 Link Here

(-)openct/Makefile (-1 / +1 lines)
3		3
4	PORTNAME= openct	4	PORTNAME= openct
5	PORTVERSION= 0.6.20	5	PORTVERSION= 0.6.20
6	PORTREVISION= 1	6	PORTREVISION= 2
7	CATEGORIES= security	7	CATEGORIES= security
8	MASTER_SITES= SF/opensc/${PORTNAME}	8	MASTER_SITES= SF/opensc/${PORTNAME}
9		9




--- src/pcsc/pcsc.c.orig	2007-05-25 21:11:45 UTC
+++ src/pcsc/pcsc.c
@@ -25,6 +25,7 @@
 #ifdef DEBUG_IFDH
 #include <syslog.h>
 #endif
+#include <limits.h>
 #ifdef __APPLE__
 #include <PCSC/wintypes.h>
 #include <PCSC/pcsclite.h>
@@ -390,6 +391,10 @@ IFDHTransmitToICC(DWORD Lun, SCARD_IO_HE
 	ctn = ((unsigned short)(Lun >> 16)) % IFDH_MAX_READERS;
 	slot = ((unsigned short)(Lun & 0x0000FFFF)) % IFDH_MAX_SLOTS;
 
+	if (TxLength > USHRT_MAX) {
+		(*RxLength) = 0;
+		return IFD_PROTOCOL_NOT_SUPPORTED;
+	}
 #ifdef HAVE_PTHREAD
 	pthread_mutex_lock(&ifdh_context_mutex[ctn]);
 #endif
@@ -399,7 +404,7 @@ IFDHTransmitToICC(DWORD Lun, SCARD_IO_HE
 #endif
 		dad = (UCHAR) ((slot == 0) ? 0x00 : slot + 1);
 		sad = 0x02;
-		lr = (unsigned short)(*RxLength);
+		lr = (*RxLength > USHRT_MAX) ? USHRT_MAX : (unsigned short)(*RxLength);
 		lc = (unsigned short)TxLength;
 
 		ret = CT_data(ctn, &dad, &sad, lc, TxBuffer, &lr, RxBuffer);
@@ -438,6 +443,10 @@ IFDHControl(DWORD Lun, PUCHAR TxBuffer,
 	ctn = ((unsigned short)(Lun >> 16)) % IFDH_MAX_READERS;
 	slot = ((unsigned short)(Lun & 0x0000FFFF)) % IFDH_MAX_SLOTS;
 
+	if (TxLength > USHRT_MAX) {
+		(*RxLength) = 0;
+		return IFD_PROTOCOL_NOT_SUPPORTED;
+	}
 #ifdef HAVE_PTHREAD
 	pthread_mutex_lock(&ifdh_context_mutex[ctn]);
 #endif
@@ -447,7 +456,7 @@ IFDHControl(DWORD Lun, PUCHAR TxBuffer,
 #endif
 		dad = 0x01;
 		sad = 0x02;
-		lr = (unsigned short)(*RxLength);
+		lr = (*RxLength > USHRT_MAX) ? USHRT_MAX : (unsigned short)(*RxLength);
 		lc = (unsigned short)TxLength;
 
 		ret = CT_data(ctn, &dad, &sad, lc, TxBuffer, &lr, RxBuffer);

Return to bug 204552

Line 0 Link Here

(-)openct/files/patch-src_pcsc_pcsc.c (+50 lines)
	1	--- src/pcsc/pcsc.c.orig 2007-05-25 21:11:45 UTC
	2	+++ src/pcsc/pcsc.c
	3	@@ -25,6 +25,7 @@
	4	#ifdef DEBUG_IFDH
	5	#include <syslog.h>
	6	#endif
	7	+#include <limits.h>
	8	#ifdef __APPLE__
	9	#include <PCSC/wintypes.h>
	10	#include <PCSC/pcsclite.h>
	11	@@ -390,6 +391,10 @@ IFDHTransmitToICC(DWORD Lun, SCARD_IO_HE
	12	ctn = ((unsigned short)(Lun >> 16)) % IFDH_MAX_READERS;
	13	slot = ((unsigned short)(Lun & 0x0000FFFF)) % IFDH_MAX_SLOTS;
	14
	15	+ if (TxLength > USHRT_MAX) {
	16	+ (*RxLength) = 0;
	17	+ return IFD_PROTOCOL_NOT_SUPPORTED;
	18	+ }
	19	#ifdef HAVE_PTHREAD
	20	pthread_mutex_lock(&ifdh_context_mutex[ctn]);
	21	#endif
	22	@@ -399,7 +404,7 @@ IFDHTransmitToICC(DWORD Lun, SCARD_IO_HE
	23	#endif
	24	dad = (UCHAR) ((slot == 0) ? 0x00 : slot + 1);
	25	sad = 0x02;
	26	- lr = (unsigned short)(*RxLength);
	27	+ lr = (RxLength > USHRT_MAX) ? USHRT_MAX : (unsigned short)(RxLength);
	28	lc = (unsigned short)TxLength;
	29
	30	ret = CT_data(ctn, &dad, &sad, lc, TxBuffer, &lr, RxBuffer);
	31	@@ -438,6 +443,10 @@ IFDHControl(DWORD Lun, PUCHAR TxBuffer,
	32	ctn = ((unsigned short)(Lun >> 16)) % IFDH_MAX_READERS;
	33	slot = ((unsigned short)(Lun & 0x0000FFFF)) % IFDH_MAX_SLOTS;
	34
	35	+ if (TxLength > USHRT_MAX) {
	36	+ (*RxLength) = 0;
	37	+ return IFD_PROTOCOL_NOT_SUPPORTED;
	38	+ }
	39	#ifdef HAVE_PTHREAD
	40	pthread_mutex_lock(&ifdh_context_mutex[ctn]);
	41	#endif
	42	@@ -447,7 +456,7 @@ IFDHControl(DWORD Lun, PUCHAR TxBuffer,
	43	#endif
	44	dad = 0x01;
	45	sad = 0x02;
	46	- lr = (unsigned short)(*RxLength);
	47	+ lr = (RxLength > USHRT_MAX) ? USHRT_MAX : (unsigned short)(RxLength);
	48	lc = (unsigned short)TxLength;
	49
	50	ret = CT_data(ctn, &dad, &sad, lc, TxBuffer, &lr, RxBuffer);