On 08 December 2011 00:41 Douglas E. Engert wrote:
> With regards to the original problem of a short serial number
> being the issue, the problem may be that some code is comparing
> the MAX_CONTAINER_NAME_LEN as binary and not as a string.
> We may have in OpenSC some field that is not initialized to null,
> for example the WCHAR wszGuid [MAX_CONTAINER_NAME_LEN + 1];
> and this may be the problem.
> 
> Can you try and make sure this is initialized before the call?
> 

The problem here lies in the serialize_guid code which insists that 
the input data length must be at least 16 - which makes sense if 
it wants to convert it to a GUID style string.

However, given that it seems that the key container is not a true 
GUID, but just a string that needs to be unique among other key
containers on the system, perhaps we could use a simpler solution.

Perhaps taking the last 8 bytes of the serial number and the last
8 bytes of the ID (pre-padding both with 0x00 or 0xFF if too short).
Or even fold the serial number and ID into 8 bytes if too long, so 
that all the information is used. This should be unique enough in 
all but the most pathological cases?

However, I can see the first bug report when someone manages to 
find a serial number/ID clash - so my opinion is that it's probably 
worth just using a hash from the beginning.

Viktor, what do you think?

Cheers,
Will
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
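
Added example (not part of the original message and not OpenSC code): the two fixed-width schemes proposed above, sketched in C to show the kind of serial number clash each one still allows, which is the argument for using a hash. The helper names and all byte values are hypothetical and constructed for illustration; no hash is implemented here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Last 8 bytes of in[], pre-padded with pad when the input is shorter than 8. */
static void tail8(const uint8_t *in, size_t len, uint8_t pad, uint8_t out[8])
{
    size_t n = len < 8 ? len : 8;
    memset(out, pad, 8);
    memcpy(out + (8 - n), in + (len - n), n);
}

/* XOR-fold every byte of in[] into 8 bytes so that no input byte is ignored. */
static void fold8(const uint8_t *in, size_t len, uint8_t out[8])
{
    memset(out, 0, 8);
    for (size_t i = 0; i < len; i++)
        out[i % 8] ^= in[i];
}

/* 16-byte container name: serial half, then ID half. fold != 0 selects folding. */
static void container_bytes(const uint8_t *sn, size_t sn_len,
                            const uint8_t *id, size_t id_len, int fold, uint8_t out[16])
{
    if (fold) { fold8(sn, sn_len, out); fold8(id, id_len, out + 8); }
    else      { tail8(sn, sn_len, 0x00, out); tail8(id, id_len, 0x00, out + 8); }
}

/* Return 1 when two serial numbers (same key ID) map to the same 16 bytes. */
static int clashes(const uint8_t *sn_a, size_t len_a, const uint8_t *sn_b, size_t len_b,
                   const uint8_t *id, size_t id_len, int fold)
{
    uint8_t a[16], b[16];
    container_bytes(sn_a, len_a, id, id_len, fold, a);
    container_bytes(sn_b, len_b, id, id_len, fold, b);
    return memcmp(a, b, 16) == 0;
}

/* Constructed sample values, not taken from any real card. */
static const uint8_t SN_SHORT[]  = { 0x12, 0x34 };
static const uint8_t SN_ZEROED[] = { 0x00, 0x12, 0x34 };  /* equal once 0x00-padded */
static const uint8_t SN_LONG_A[] = { 0xAA, 1, 2, 3, 4, 5, 6, 7, 8 };
static const uint8_t SN_LONG_B[] = { 0xBB, 1, 2, 3, 4, 5, 6, 7, 8 };  /* differs in the dropped byte */
static const uint8_t SN_FOLD_B[] = { 8, 1, 2, 3, 4, 5, 6, 7, 0xAA };  /* bytes 0 and 8 of A swapped */
static const uint8_t KEY_ID[]    = { 0x45 };

int main(void)
{
    printf("pad+tail: short clash=%d\n", clashes(SN_SHORT, 2, SN_ZEROED, 3, KEY_ID, 1, 0));
    printf("pad+tail: long clash=%d\n", clashes(SN_LONG_A, 9, SN_LONG_B, 9, KEY_ID, 1, 0));
    printf("fold: swapped clash=%d\n", clashes(SN_LONG_A, 9, SN_FOLD_B, 9, KEY_ID, 1, 1));
}
```

Folding removes the two clashes that padding and truncation produce, but XOR is order-insensitive across positions eight bytes apart, so distinct serial numbers can still collapse to the same name.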
