Re: [opensc-devel] Handling multiple USB tokens in IFD handler

[Ludovic Rousseau]

2012/4/27 Alexander Gozman a.goz...@infosec.ru:
  Hello.

Hi,

  Probably the problem I'm gonna describe is already known: OpenCT's IFD
 handler, used by pcscd, does not
 handle multiple USB tokens correctly. With one token everything works fine,
 but if you insert another one, it
 leads either to error, or even to pcscd's segmentation fault.
  The problem hides in CT_init() and CT_close() functions. The first one
 calculates wrong channel number for a
 new device, and the second causes memory corruption when deleting an item
 from a linked list.
  I've made a simple patch that corrects these problems and makes IFD handler
 work good - see the attachment.
 Hope it'll be useful.

Applied in revision 1191. Thanks for the patch.

OpenCT was maintained by Andreas Jellinghaus. Andreas has now left the
smart card world for other opportunities.
Do not expect a new release of OpenCT anytime soon.

Bye,

-- 
 Dr. Ludovic Rousseau
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Handling multiple USB tokens in IFD handler

[Alon Bar-Lev]

On Tue, May 1, 2012 at 5:20 PM, Ludovic Rousseau
ludovic.rouss...@gmail.com wrote:
 OpenCT was maintained by Andreas Jellinghaus. Andreas has now left the
 smart card world for other opportunities.
 Do not expect a new release of OpenCT anytime soon.

There is no problem to release what we have... only minor changes were
applied since last release.

Alon.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] Handling multiple USB tokens in IFD handler

[Alexander Gozman]

  Hello.

  Probably the problem I'm gonna describe is already known: OpenCT's 
IFD handler, used by pcscd, does not
handle multiple USB tokens correctly. With one token everything works 
fine, but if you insert another one, it

leads either to error, or even to pcscd's segmentation fault.
  The problem hides in CT_init() and CT_close() functions. The first 
one calculates wrong channel number for a
new device, and the second causes memory corruption when deleting an 
item from a linked list.
  I've made a simple patch that corrects these problems and makes IFD 
handler work good - see the attachment.

Hope it'll be useful.

diff -Naur openct-0.6.19/src/ctapi/ctapi.c openct-0.6.19_sn/src/ctapi/ctapi.c
--- openct-0.6.19/src/ctapi/ctapi.c	2006-04-26 01:58:06.0 +0400
+++ openct-0.6.19_sn/src/ctapi/ctapi.c	2012-04-27 16:52:20.0 +0400
@@ -597,18 +597,28 @@
 
 char CT_close(unsigned short ctn)
 {
-	struct CardTerminal **ct, *this;
+struct CardTerminal *curr = cardTerminals,
+*prev = NULL;
 
-	for (ct = cardTerminals; *ct  (*ct)-ctn != ctn; ct = (*ct)-next) ;
-	this = *ct;
-	if (!this)
-		return ERR_INVALID;
-	ct_reader_disconnect(this-h);
-	ct = (this-next);
+while (curr)
+{
+if (curr-ctn == ctn)
+{
+if (prev)
+prev-next = curr-next;
+else
+cardTerminals = curr-next;
 
-	this-next = NULL;
-	free(this);
-	return OK;
+free(curr);
+}
+else
+{
+prev = curr;
+curr = curr-next;
+}
+}
+
+return OK;
 }
 
 char CT_data(unsigned short ctn, unsigned char *dad, unsigned char *sad,
diff -Naur openct-0.6.19/src/pcsc/pcsc.c openct-0.6.19_sn/src/pcsc/pcsc.c
--- openct-0.6.19/src/pcsc/pcsc.c	2007-05-26 01:11:45.0 +0400
+++ openct-0.6.19_sn/src/pcsc/pcsc.c	2012-04-27 16:51:24.0 +0400
@@ -91,7 +91,7 @@
 		if (Channel  IFDH_MAX_READERS) {
 			pn = 0;
 		} else {
-			pn = ((Channel == 0) ? 0 : Channel - 1);
+			pn = Channel;
 		}
 		ret = CT_init(ctn, pn);
 
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel