[Pcsclite-muscle] Bug with SCardCancel followed by new requests on the waiting thread

Maksim Ivanov emaxx
Thu Mar 10 11:01:29 PST 2016


Hello all,

Looks like there is a bug related to the management of the blocking
requests and of their cancellation.

The reproduce steps are the following. Two threads: thread 1 and
thread 2. Thread 2 calls SCardGetStatusChange and blocks (with waiting
for some event X). Thread 1 calls SCardCancel. Thread 2 unblocks from
SCardGetStatusChange due to the cancellation, and starts issuing other
PC/SC-Lite API calls. After that, something that triggers the event X
happens. After that the PC/SC-Lite API calls that thread 2 is making
start to break (they return inconsistent results).

The underlying reason is that cancellation in the current
implementation of the PC/SC-Lite service does not unsubscribe the
client from the list of clients waiting for events. So, when the event
finally occurs, the event response is written into the client's
socket, even if the cancellation had already happened before. Putting
unexpected data into the socket shifts the responses of all further
PC/SC-Lite API calls made by that client.

If the analysis above is correct, then the correct fix would be
probably just adding a "EHTryToUnregisterClientForEvent(fd)" statement
into the handler of the SCARD_CANCEL message in function ContextThread
(file winscard_svc.c).


Thanks,
Maksim




More information about the pcsclite-muscle mailing list