On 12/7/2012 5:15 PM, Frank Morgner wrote:
> Hi!
>
> Currently, sc_check_apdu checks the length of an R-APDU buffer using
> SC_MAX_APDU_BUFFER_SIZE, which defines the maximum length for a C-APDU.
> https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/apdu.c#L415
> https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/apdu.c#L392

Yes this looks like a bug as SC_MAX_APDU_BUFFER_SIZE is for max size of APDU
that can be sent, not size of receive buffer:
#define SC_MAX_APDU_BUFFER_SIZE         261 /* takes account of: CLA INS P1 P2 Lc [255 byte of data] Le */


>
> A quick fix would be to use 0xff+1/0xffff+1 instead. However, in
> multiple files I have seen this wrong usage of SC_MAX_APDU_BUFFER_SIZE
> (eg, see `grep rbuf *.c | grep SC_MAX_APDU_BUFFER_SIZE`). Unfortunately
> I don't have time to check libopensc in depth, so I leave this up to the
> community.
>

Do you mean something like this:

--- ,apdu.c     Tue Dec  4 08:43:40 2012
+++ apdu.c      Tue Dec 11 09:50:50 2012
@@ -389,7 +389,7 @@
                 if (apdu->resplen == 0 || apdu->resp == NULL)
                         goto error;
                 /* return buffer to small */
-               if ((apdu->le == 0 && apdu->resplen < SC_MAX_APDU_BUFFER_SIZE-2)
+               if ((apdu->le == 0 && apdu->resplen < ((apdu->cse & 
SC_APDU_EXT) ? 65536 : 256))
                                 || (apdu->resplen < apdu->le))
                         goto error;
                 break;
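Review bot: the added condition hard-codes 65536 and 256, and the same expression is repeated in the second hunk; a named constant or small helper for the maximum response length (the 0xff+1 / 0xffff+1 values from the original mail) would keep the two checks in step and make it clear these are R-APDU limits, distinct from SC_MAX_APDU_BUFFER_SIZE. The test also relies on SC_APDU_EXT being a flag bit that can be masked out of apdu->cse, which is worth confirming against the case definitions. The + line is wrapped across two lines in this mail, so the patch needs re-sending unwrapped before it will apply.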
@@ -412,7 +412,7 @@
                 if (apdu->resplen == 0 || apdu->resp == NULL)
                         goto error;
                 /* return buffer to small */
-               if ((apdu->le == 0 && apdu->resplen < SC_MAX_APDU_BUFFER_SIZE-2)
+       if ((apdu->le == 0 && apdu->resplen < ((apdu->cse & SC_APDU_EXT) ? 
65536 : 256)
                                 || (apdu->resplen < apdu->le))
                         goto error;
                 /* inconsistent datalen   */
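Review bot: the added line in this hunk is missing a closing parenthesis after 256. The first hunk ends the same condition with "256))" while this one ends with "256)", so the if is left unbalanced and will not compile. The + line is also indented less than the surrounding context lines; it should match the first hunk.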



>
>
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
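
Added example, not part of the original thread or OpenSC's code: a stand-alone C comparison of the pre-patch threshold (SC_MAX_APDU_BUFFER_SIZE-2) with the 0xff+1/0xffff+1 response limits discussed above, run on constructed boundary cases. The helper names, the `extended` parameter standing in for `apdu->cse & SC_APDU_EXT`, and the sample values are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* From the page: maximum C-APDU size (CLA INS P1 P2 Lc [255 bytes] Le). */
#define SC_MAX_APDU_BUFFER_SIZE 261

/* Constructed for this example: Le == 0 asks for the maximum response,
 * 0xff+1 bytes for a short APDU and 0xffff+1 for an extended one. */
#define RESP_MAX_SHORT (0xffu + 1u)
#define RESP_MAX_EXT   (0xffffu + 1u)

/* Hypothetical helper: number of bytes the response buffer must hold. */
static size_t expected_resp_len(size_t le, int extended)
{
    if (le != 0)
        return le;
    return extended ? RESP_MAX_EXT : RESP_MAX_SHORT;
}

/* The check as it stood before the patch; returns 1 if the buffer passes. */
int resp_buf_ok_old(size_t le, size_t resplen, int extended)
{
    (void)extended; /* the old check ignored short vs. extended */
    if (le == 0 && resplen < (size_t)(SC_MAX_APDU_BUFFER_SIZE - 2))
        return 0;
    return resplen >= le;
}

/* The check with response-side limits; returns 1 if the buffer passes. */
int resp_buf_ok_new(size_t le, size_t resplen, int extended)
{
    return resplen >= expected_resp_len(le, extended);
}

int main(void)
{
    /* Constructed cases: {le, resplen, extended}. */
    static const size_t cases[][3] = {
        {0, 256, 0}, {0, 259, 1}, {0, 65536, 1}, {16, 16, 0}, {0, 255, 0},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("le=%zu resplen=%zu ext=%zu old=%d new=%d\n",
               cases[i][0], cases[i][1], cases[i][2],
               resp_buf_ok_old(cases[i][0], cases[i][1], (int)cases[i][2]),
               resp_buf_ok_new(cases[i][0], cases[i][1], (int)cases[i][2]));
    return 0;
}
```

The first two cases are where the checks disagree: the old threshold rejects an exactly sized 256-byte buffer for a short APDU with Le = 0, and accepts a 259-byte buffer for an extended APDU with Le = 0.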