[Pcsclite-muscle] found possible bug

Ludovic Rousseau ludovic.rousseau
Sun Feb 26 07:06:51 PST 2017


2017-02-18 19:06 GMT+01:00 Wolfgang Pichler <wpichler at callino.at>:

> Hi all,
>

Hello,


>
> struggling with my gemalto stick (as in my previous mail) - i found a
> possible bug - for which i now created a workaround - because i don't know
> the exact source for the problem.
>
> In libccid-1.4.22
>
> in src/ccid_usb.c - in the ReadUSB Function
>
> For whatever Reason - it got called for my stick with a value of 65556
> (the main thing here will be to find out why it does like to read that many
> bytes?)
>
> The call to libusb_bulk_transfer did fail then - but did not return
> something negative - only 0 bytes.
>
> libusb_bulk_transfer is defined with the length as int (not unsigned int!)
> - for whatever reason
>

This change is planned for a next major version of libusb: use size_t
instead of int for a buffer size.

Note that 65556 can easily be stored in a 4-byte int.



> so the unsigned int value will get a negative value - so the
> libusb_bulk_transfer will return with 0 bytes because it can not read
> negative number of bytes (this sounds clear to me)
>

Your int is a 2-byte value?
What platform are you using?


>
> So - quick and dirty - i added a check if the value is greater than 4096 -
> then make the length=4096 - and do read
>
> --- ccid-1.4.22/src/ccid_usb.c  2016-01-10 13:26:09.000000000 +0000
> +++ ccid-1.4.22-patched/src/ccid_usb.c  2017-02-18 18:02:40.225678226
> +0000
> @@ -800,7 +800,9 @@
>  read_again:
>         (void)snprintf(debug_header, sizeof(debug_header), "<- %06X ",
>                 (int)reader_index);
> -
> +       if (*length > 4096) {
> +               *length = 4096;
> +       }
>         rv = libusb_bulk_transfer(usbDevice[reader_index].dev_handle,
>                 usbDevice[reader_index].bulk_in, buffer, *length,
>                 &actual_length, usbDevice[reader_index].ccid.readTimeout);
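
Review bot: the clamp added just before the `libusb_bulk_transfer` call uses a bare 4096 with no comment or named constant, and it shrinks `*length` silently, so the caller that requested the oversized read is hidden rather than identified. If the intent is to protect the `int` length parameter, compare `*length` against `INT_MAX` instead; if 4096 is meant as a device or buffer limit, give it a named constant, state where the value comes from, and emit a debug message whenever the request is reduced. As written, any legitimate read request larger than 4096 bytes is also shortened by this check.
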
>
>
> At the start it does throw this failure
>
> 00000020 ccid.c:212:set_gemalto_firmware_features() GET_FIRMWARE_FEATURES
> failed: 612, len=0
>
> Maybe because of this it does not know the max size which it could read
> from the device ?
>

Can you provide a full pcscd log (without any code change)?

Thanks

-- 
 Dr. Ludovic Rousseau