Bug 891852 - pcsc-lite: incorrect check in SCardGetAttrib and SCardSetAttrib handling
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pcsc-lite
Version: 6.4
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Assigned To: Bob Relyea
QA Contact: Asha Akkiangady
Blocks: 895654
Reported: 2013-01-04 03:07 EST by Tomas Hoger
Modified: 2013-02-21 06:00 EST
Fixed In Version: pcsc-lite-1.5.2-11.el6
Doc Type: Bug Fix
Last Closed: 2013-02-21 06:00:35 EST
Type: Bug


Description Tomas Hoger 2013-01-04 03:07:21 EST
Quoting from bug 596426 comment 43:

The patch pcsc-lite-1.5.2-overflow.patch in pcsc-lite-1.5.2-6.el6.src.rpm
breaks SCardGetAttrib on Red Hat Enterprise Linux 6. It will always return
SCARD_E_INSUFFICIENT_BUFFER regardless of buffer size.

Case 1. If buffer is less than or equal to MAX_BUFFER_SIZE, the patched-in check
in MSGFunctionDemarshall will fail with SCARD_E_INSUFFICIENT_BUFFER.

case SCARD_GET_ATTRIB:
  gsStr = ((getset_struct *) msgStruct->data);
  rv = MSGCheckHandleAssociation(gsStr->hCard, dwContextIndex);
  if (rv != 0) return rv;

  /* avoids buffer overflow */
  if (gsStr->cbAttrLen <= sizeof(gsStr->pbAttr))
  {
      gsStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
      break;
  } 

Case 2. If buffer is larger than MAX_BUFFER_SIZE, the call fails in
winscard_clnt.c:SCardGetSetAttrib instead. The result is
SCARD_E_INSUFFICIENT_BUFFER. (This case is not affected by the patch.)

Case 3. If buffer is set to NULL to query the required buffer
size, SCardGetSetAttrib will set the buffer size to MAX_BUFFER_SIZE and the call
will fail as in case 1.

Not sure if this is the right bug to report this in, or what the buffer size check is supposed to achieve, but it will definitely make SCardGetAttrib defunct.
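
The three cases above, modelled as an added example that is not part of the bug report and is not pcsc-lite source: it runs the quoted check and a bounded variant through the client behaviour the report describes. The names getset_model, check_bounded and model_get_attrib, the constant values, and the `>` comparison are assumptions made for illustration; the fix shipped in pcsc-lite-1.5.2-11.el6 is not shown on this page.

```c
/* Added illustration: self-contained model, not pcsc-lite source code. */
#include <stdint.h>
#include <stdio.h>

#define MAX_BUFFER_SIZE 264u  /* stand-in value for this model */
#define SCARD_S_SUCCESS 0x00000000ul
#define SCARD_E_INSUFFICIENT_BUFFER 0x80100008ul

/* Reduced stand-in for getset_struct: only the fields the check reads. */
typedef struct {
    unsigned char pbAttr[MAX_BUFFER_SIZE];
    uint32_t cbAttrLen;
} getset_model;

/* Daemon-side check as quoted in the report: the comparison is inverted. */
static unsigned long check_patched(const getset_model *gs)
{
    if (gs->cbAttrLen <= sizeof(gs->pbAttr))
        return SCARD_E_INSUFFICIENT_BUFFER;
    return SCARD_S_SUCCESS;
}

/* Assumed intent: reject only lengths that cannot fit in pbAttr. */
static unsigned long check_bounded(const getset_model *gs)
{
    if (gs->cbAttrLen > sizeof(gs->pbAttr))
        return SCARD_E_INSUFFICIENT_BUFFER;
    return SCARD_S_SUCCESS;
}

/* Client path as the report describes it (hypothetical helper). */
static unsigned long model_get_attrib(const void *buf, uint32_t len,
        unsigned long (*daemon_check)(const getset_model *))
{
    getset_model gs = { {0}, 0 };
    if (buf == NULL)
        len = MAX_BUFFER_SIZE;               /* case 3: size query */
    if (len > MAX_BUFFER_SIZE)
        return SCARD_E_INSUFFICIENT_BUFFER;  /* case 2: refused client side */
    gs.cbAttrLen = len;
    return daemon_check(&gs);                /* cases 1 and 3 reach the daemon */
}

int main(void)
{
    unsigned char small[32] = {0};
    printf("patched=%#lx bounded=%#lx\n",
           model_get_attrib(small, sizeof small, check_patched),
           model_get_attrib(small, sizeof small, check_bounded));
    return 0;
}
```

A regression test for this kind of bounds check should cover a small buffer, a buffer of exactly MAX_BUFFER_SIZE, an oversized buffer and the NULL size query, since the inverted comparison only shows up on inputs that ought to succeed.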
Comment 7 Asha Akkiangady 2013-02-04 12:25:08 EST
Verified Sanity Only; with the fix, SSO with smart cards caused no regressions.
Comment 8 errata-xmlrpc 2013-02-21 06:00:35 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0525.html
