[Pcsclite-muscle] Possible data truncation on receive in 1.8.14

Marcin Cieslak saper
Sat Nov 14 15:28:56 PST 2015

On Sat, 14 Nov 2015, Ludovic Rousseau wrote:

> > 8eb9ea1b354b050f997d003cf3b0c5b56f29f9f7 is strange because
> > requested buffer size given by the client application is no
> > longer used(!), only maximal value is used.
> >
> The size given by the client is used to report an error if the buffer is
> too small.
> The test is performed _after_ the command has been sent to the cardreader +
> card.
> I do not plan to change pcsc-lite just because CT-API is limited.

It's a pity since pcsc-lite worked in this setup since 1.6.x or
maybe even earlier. I understand you strive for correctness over
robustness :)

It is also unfortunate that extended APDU size is slighly larger than
the CT-API limit and it's hard to tell if the extended APDU is supported,
but maybe if the client picks a small reply size a smaller buffer could
be used?


More information about the pcsclite-muscle mailing list