[Pcsclite-muscle] SCardConnect behavior with invalid contexts

Maksim Ivanov emaxx at google.com
Wed Aug 5 18:46:21 EDT 2020


Ludovic,

Thank you for the quick reply and the fix!

I'm not sure if publishing the reproduction code would be really
useful - at least I cannot come up with a good use case for this.
Maybe someone will chime in if they see a strong reason for having
this code published.

I guess what would be cool is to have an automated test in the
PC/SC-Lite repository that would simulate this reproduction scenario
and verify that the bug doesn't happen. But writing such a test might
be a challenging task, in case there's no easy way to mock out the
system environment, IFD handler, etc.


Regards,
Maksim


On Wed, Aug 5, 2020 at 6:11 PM Ludovic Rousseau
<ludovic.rousseau at gmail.com> wrote:
>
> On Tue, Jul 28, 2020 at 15:11, Maksim Ivanov <emaxx at google.com> wrote:
> >
> > Hello,
>
> Hello Maksim,
>
> > I believe that there's a potential problem with the SCardConnect
> > implementation that it doesn't check the received SCARDCONTEXT
> > *before* executing the command. This might result in an unexpected
> > state, where the SCardConnect() caller receives an error code
> > meanwhile the connection to the card is actually established (which,
> > for example, might be an exclusive connection that prevents anyone
> > else from connecting to the card).
> >
> > In detail, the ContextThread() function in winscard_svc.c, when
> > receiving the SCARD_CONNECT command, calls first SCardConnect() from
> > winscard.c, and then MSGAddHandle(). The former ignores SCARDCONTEXT
> > and, if possible, establishes a connection to the card. The latter
> > does check the SCARDCONTEXT value, but this happens after the
> > connection is already established, and its error is just returned to
> > the caller (without closing the just-opened connection).
> >
> > Would it make sense to add a check of SCARDCONTEXT before calling
> > SCardConnect(), and/or to call SCardDisconnect() if MSGAddHandle()
> > fails?
>
> Exact.
> Fixed in https://salsa.debian.org/rousseau/PCSC/-/commit/36bc9446b40fa3c6ac12312b934f4d7131659087
>
> Do you think it is a good idea to publish my exploitation (reproduction) code?
> Is someone interested in such a code? And why?
>
> Thanks
>
> --
>  Dr. Ludovic Rousseau
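
[Editor's note, added example: the C program below is not pcsc-lite code and
not the reproduction code discussed above. It is a self-contained model of
the ordering problem described in the thread, in the spirit of the mocked-out
automated test Maksim asks for: a simulated reader plays the IFD handler, a
small table plays the per-client context list, and the sim_* functions are
stand-ins for SCardConnect()/SCardDisconnect() in winscard.c and
MSGAddHandle() in winscard_svc.c. Only the order of operations in the two
handle_connect_* functions is what matters; the constant names and values
follow pcsclite.h, the typedefs are simplified, and the context values
0xC0FFEE and 0xBAD are constructed for the scenario.]

```c
/* Added example (not pcsc-lite source): a self-contained model of the
 * SCARD_CONNECT ordering bug discussed in this thread. The reader, context
 * table and the sim_* functions are simplified stand-ins for the real
 * SCardConnect()/SCardDisconnect() in winscard.c and MSGAddHandle() in
 * winscard_svc.c; only the order of operations is what matters here. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Names and values as in pcsclite.h; typedefs simplified for the model. */
#define SCARD_S_SUCCESS           0x00000000L
#define SCARD_E_INVALID_HANDLE    0x80100003L
#define SCARD_E_SHARING_VIOLATION 0x8010000BL
#define SCARD_SHARE_EXCLUSIVE     1
#define SCARD_SHARE_SHARED        2
typedef long LONG;
typedef uintptr_t SCARDCONTEXT;
typedef uintptr_t SCARDHANDLE;

#define MAX_CONTEXTS 4
struct reader { int connections; bool exclusive; };    /* mock IFD state */
struct context_entry { SCARDCONTEXT ctx; int nhandles; };
struct server {
    struct reader reader;
    struct context_entry contexts[MAX_CONTEXTS];       /* valid client contexts */
    SCARDHANDLE next_handle;
};

void server_init(struct server *s) { memset(s, 0, sizeof *s); s->next_handle = 0x100; }

struct context_entry *find_context(struct server *s, SCARDCONTEXT ctx) {
    for (int i = 0; i < MAX_CONTEXTS; i++)
        if (ctx != 0 && s->contexts[i].ctx == ctx) return &s->contexts[i];
    return NULL;
}

bool server_establish(struct server *s, SCARDCONTEXT ctx) {
    for (int i = 0; i < MAX_CONTEXTS; i++)
        if (s->contexts[i].ctx == 0) { s->contexts[i].ctx = ctx; return true; }
    return false;
}

/* Stand-in for winscard.c SCardConnect(): receives the context but never
 * validates it, which is the property the report points out. */
LONG sim_SCardConnect(struct server *s, SCARDCONTEXT ctx, unsigned mode, SCARDHANDLE *h) {
    (void)ctx;
    if (s->reader.exclusive) return SCARD_E_SHARING_VIOLATION;
    if (mode == SCARD_SHARE_EXCLUSIVE && s->reader.connections > 0)
        return SCARD_E_SHARING_VIOLATION;
    s->reader.connections++;
    s->reader.exclusive = (mode == SCARD_SHARE_EXCLUSIVE);
    *h = s->next_handle++;
    return SCARD_S_SUCCESS;
}

LONG sim_SCardDisconnect(struct server *s, SCARDHANDLE h) {
    (void)h;
    if (s->reader.connections == 0) return SCARD_E_INVALID_HANDLE;
    s->reader.connections--;
    s->reader.exclusive = false;        /* at most one exclusive holder exists */
    return SCARD_S_SUCCESS;
}

/* Stand-in for MSGAddHandle(): this is where the context gets checked. */
LONG sim_MSGAddHandle(struct server *s, SCARDCONTEXT ctx, SCARDHANDLE h) {
    (void)h;
    struct context_entry *e = find_context(s, ctx);
    if (e == NULL) return SCARD_E_INVALID_HANDLE;
    e->nhandles++;
    return SCARD_S_SUCCESS;
}

/* ContextThread() order as described in the report: connect, then validate.
 * A bogus context is told "invalid handle", yet the connection it opened
 * (here an exclusive one) stays up and belongs to no context. */
LONG handle_connect_before_fix(struct server *s, SCARDCONTEXT ctx, unsigned mode, SCARDHANDLE *h) {
    LONG rv = sim_SCardConnect(s, ctx, mode, h);
    if (rv != SCARD_S_SUCCESS) return rv;
    return sim_MSGAddHandle(s, ctx, *h);
}

/* Both remedies proposed in the report: validate the context up front, and
 * disconnect if registering the handle still fails for some other reason. */
LONG handle_connect_after_fix(struct server *s, SCARDCONTEXT ctx, unsigned mode, SCARDHANDLE *h) {
    if (find_context(s, ctx) == NULL) return SCARD_E_INVALID_HANDLE;
    LONG rv = sim_SCardConnect(s, ctx, mode, h);
    if (rv != SCARD_S_SUCCESS) return rv;
    rv = sim_MSGAddHandle(s, ctx, *h);
    if (rv != SCARD_S_SUCCESS) { sim_SCardDisconnect(s, *h); *h = 0; }
    return rv;
}

/* Scenario: a forged context asks for an exclusive connection, then a
 * legitimate client connects in shared mode. Returns the legitimate client's
 * result; *forged_rv receives what the forged caller was told. */
LONG run_scenario(bool fixed, LONG *forged_rv) {
    struct server s;
    server_init(&s);
    const SCARDCONTEXT good = 0xC0FFEE, bogus = 0xBAD;   /* constructed values */
    server_establish(&s, good);
    SCARDHANDLE h = 0;
    *forged_rv = fixed ? handle_connect_after_fix(&s, bogus, SCARD_SHARE_EXCLUSIVE, &h)
                       : handle_connect_before_fix(&s, bogus, SCARD_SHARE_EXCLUSIVE, &h);
    return handle_connect_after_fix(&s, good, SCARD_SHARE_SHARED, &h);
}

LONG real_client_result(bool fixed) { LONG f; return run_scenario(fixed, &f); }
LONG forged_caller_result(bool fixed) { LONG f; run_scenario(fixed, &f); return f; }

int main(void) {
    printf("before fix: forged caller 0x%lX, real client 0x%lX\n",
           forged_caller_result(false), real_client_result(false));
    printf("after fix:  forged caller 0x%lX, real client 0x%lX\n",
           forged_caller_result(true), real_client_result(true));
    return 0;
}
```

In both variants the forged caller receives SCARD_E_INVALID_HANDLE, so
nothing in its own return value reveals the difference; the leak only shows
up when the next legitimate client gets SCARD_E_SHARING_VIOLATION from a
reader that no valid context owns. That is why a regression test for this
class of bug has to assert on the reader's state after the failed call, not
just on the error code the caller saw.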