[Pcsclite-muscle] [PATCH] ContextThread: SCARD_TRANSMIT: work around CT API recv buffer size of 64k

Marc Kleine-Budde mkl
Tue Dec 8 04:39:19 PST 2015

In commit:

    8eb9ea1b354b SCardTransmit() may return SCARD_E_INSUFFICIENT_BUFFER

the recv buffer size, passed to the SCardTransmit() function, is set
unconditionally to "sizeof pbRecvBuffer", which is 64k + 12. This leads to
problems when the CT API is used in the lower layers, as the CT API implements
a maximum recv buffer size of 64k.

This leads to the truncation of the recv buffer size to 12. If the client has
supplied a buffer of >12 bytes, this results in truncated reads. This patch tries
to work around the problem, by not unconditionally passing the recv buffer size
of "sizeof pbRecvBuffer" (64k + 12), but increasing the client supplied buffer
by one, keeping the "sizeof pbRecvBuffer" as an upper bound. This way a too
small recv buffer passed by the client can still be detected, but the CT API
limit of 64k is not exceeded if the buffer is below 64k.

Cc: Marcin Cieslak <saper at saper.info>
 src/winscard_svc.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/winscard_svc.c b/src/winscard_svc.c
index 75e4c8e4e8e1..a623fd60f631 100644
--- a/src/winscard_svc.c
+++ b/src/winscard_svc.c
@@ -636,7 +636,20 @@ static void ContextThread(LPVOID newContext)
 				ioSendPci.cbPciLength = trStr.ioSendPciLength;
 				ioRecvPci.dwProtocol = trStr.ioRecvPciProtocol;
 				ioRecvPci.cbPciLength = trStr.ioRecvPciLength;
+				/* The CT API implements a max recv buffer size of 64k,
+				 * while "sizeof pbRecvBuffer" is "64k + 12". This leads
+				 * to trunkation of max recv buffer size to "12" when
+				 * using "sizeof pbRecvBuffer", even if the client
+				 * specifies a much smaller recv buffer.
+				 *
+				 * Here we increase the client buffer by one
+				 * (but keeping "sizeof pbRecvBuffer" as maximum),
+				 * so that we can detect a too small client buffer
+				 * later.
+				 */
 				cbRecvLength = sizeof pbRecvBuffer;
+				if (cbRecvLength > trStr.pcbRecvLength + 1)
+					cbRecvLength = trStr.pcbRecvLength + 1;
 				trStr.rv = SCardTransmit(trStr.hCard, &ioSendPci,
 					pbSendBuffer, trStr.cbSendLength, &ioRecvPci,
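
Review bot: In the added `if`, `trStr.pcbRecvLength + 1` is computed from the client-supplied length before that value is bounded, so if the field is an unsigned type and the client sends its maximum value, the sum wraps to 0 and cbRecvLength becomes 0 instead of staying at the `sizeof pbRecvBuffer` cap. Testing `trStr.pcbRecvLength < sizeof pbRecvBuffer` first, and only then assigning `trStr.pcbRecvLength + 1`, gives the same clamp without doing arithmetic on an unchecked value. Two smaller points: the comment has a typo ("trunkation"), and it refers to detecting a too-small client buffer "later" without naming where; since that check is not visible in this hunk, a pointer to it in the comment would help the next reader confirm the +1 is still honoured.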
