channels/smartcard: minor robustness fixes

2026-04-15 00:44:19 +09:00 · 2015-01-19 12:04:23 -05:00
parent 8d32a86318
commit e47f1c8b80
2 changed files with 54 additions and 33 deletions
--- a/channels/smartcard/client/smartcard_operations.c
+++ b/channels/smartcard/client/smartcard_operations.c
@@ -412,16 +412,21 @@ static UINT32 smartcard_GetStatusChangeA_Call(SMARTCARD_DEVICE* smartcard, SMART
 	GetStatusChange_Return ret;
 	LPSCARD_READERSTATEA rgReaderState = NULL;
 	IRP* irp = operation->irp;
-	status = ret.ReturnCode = SCardGetStatusChangeA(operation->hContext, call->dwTimeOut, call->rgReaderStates, call->cReaders);
+
+	status = ret.ReturnCode = SCardGetStatusChangeA(operation->hContext,
+			call->dwTimeOut, call->rgReaderStates, call->cReaders);

 	if (status && (status != SCARD_E_TIMEOUT) && (status != SCARD_E_CANCELLED))
 	{
-		call->cReaders=0;
+		call->cReaders = 0;
 	}

 	ret.cReaders = call->cReaders;
 	ret.rgReaderStates = (ReaderState_Return*) calloc(ret.cReaders, sizeof(ReaderState_Return));

+	if (!ret.rgReaderStates)
+		return STATUS_NO_MEMORY;
+
 	for (index = 0; index < ret.cReaders; index++)
 	{
 		ret.rgReaderStates[index].dwCurrentState = call->rgReaderStates[index].dwCurrentState;
@@ -484,6 +489,9 @@ static UINT32 smartcard_GetStatusChangeW_Call(SMARTCARD_DEVICE* smartcard, SMART
 	ret.cReaders = call->cReaders;
 	ret.rgReaderStates = (ReaderState_Return*) calloc(ret.cReaders, sizeof(ReaderState_Return));

+	if (!ret.rgReaderStates)
+		return STATUS_NO_MEMORY;
+
 	for (index = 0; index < ret.cReaders; index++)
 	{
 		ret.rgReaderStates[index].dwCurrentState = call->rgReaderStates[index].dwCurrentState;
@@ -878,9 +886,12 @@ static UINT32 smartcard_Transmit_Decode(SMARTCARD_DEVICE* smartcard, SMARTCARD_O
 		return STATUS_NO_MEMORY;

 	status = smartcard_unpack_transmit_call(smartcard, irp->input, call);
+
 	smartcard_trace_transmit_call(smartcard, call);
+
 	operation->hContext = smartcard_scard_context_native_from_redir(smartcard, &(call->hContext));
 	operation->hCard = smartcard_scard_handle_native_from_redir(smartcard, &(call->hCard));
+
 	return status;
 }

@@ -899,11 +910,14 @@ static UINT32 smartcard_Transmit_Call(SMARTCARD_DEVICE* smartcard, SMARTCARD_OPE

 		ret.cbRecvLength = call->cbRecvLength;
 		ret.pbRecvBuffer = (BYTE*) malloc(ret.cbRecvLength);
+
+		if (!ret.pbRecvBuffer)
+			return STATUS_NO_MEMORY;
 	}

 	ret.pioRecvPci = call->pioRecvPci;
 	status = ret.ReturnCode = SCardTransmit(operation->hCard, call->pioSendPci, call->pbSendBuffer,
-											call->cbSendLength, ret.pioRecvPci, ret.pbRecvBuffer, &(ret.cbRecvLength));
+				call->cbSendLength, ret.pioRecvPci, ret.pbRecvBuffer, &(ret.cbRecvLength));
 	smartcard_trace_transmit_return(smartcard, &ret);
 	status = smartcard_pack_transmit_return(smartcard, irp->output, &ret);

@@ -1087,47 +1101,51 @@ static UINT32 smartcard_LocateCardsByATRA_Decode(SMARTCARD_DEVICE* smartcard, SM
 static UINT32 smartcard_LocateCardsByATRA_Call(SMARTCARD_DEVICE* smartcard, SMARTCARD_OPERATION* operation, LocateCardsByATRA_Call* call)
 {
 	LONG status;
-	DWORD index, index2, index3;
 	BOOL equal;
+	DWORD i, j, k;
 	GetStatusChange_Return ret;
-	LPSCARD_READERSTATEA rgReaderState2 = NULL;
+	LPSCARD_READERSTATEA state = NULL;
 	LPSCARD_READERSTATEA states = NULL;
 	IRP* irp = operation->irp;

-	states = calloc(call->cReaders, sizeof(SCARD_READERSTATEA));
-	for (index = 0; index < call->cReaders; index++)
-	{
-		states[index].szReader = (LPCSTR) call->rgReaderStates[index].szReader;
-		states[index].dwCurrentState = call->rgReaderStates[index].Common.dwCurrentState;
-		states[index].dwEventState = call->rgReaderStates[index].Common.dwEventState;
-		states[index].cbAtr = call->rgReaderStates[index].Common.cbAtr;
-		CopyMemory(&(states[index].rgbAtr), &(call->rgReaderStates[index].Common.rgbAtr), 36);
-	}
+	states = (LPSCARD_READERSTATEA) calloc(call->cReaders, sizeof(SCARD_READERSTATEA));

+	if (!states)
+		return STATUS_NO_MEMORY;
+
+	for (i = 0; i < call->cReaders; i++)
+	{
+		states[i].szReader = (LPCSTR) call->rgReaderStates[i].szReader;
+		states[i].dwCurrentState = call->rgReaderStates[i].Common.dwCurrentState;
+		states[i].dwEventState = call->rgReaderStates[i].Common.dwEventState;
+		states[i].cbAtr = call->rgReaderStates[i].Common.cbAtr;
+		CopyMemory(&(states[i].rgbAtr), &(call->rgReaderStates[i].Common.rgbAtr), 36);
+	}

 	status = ret.ReturnCode = SCardGetStatusChangeA(operation->hContext, 0x000001F4, states, call->cReaders);

 	if (status && (status != SCARD_E_TIMEOUT) && (status != SCARD_E_CANCELLED))
 	{
-		call->cReaders=0;
+		call->cReaders = 0;
 	}

-	for (index = 0; index < call->cAtrs; index++)
+	for (i = 0; i < call->cAtrs; i++)
 	{
-		for (index2 = 0; index2 < call->cReaders; index2++)
+		for (j = 0; j < call->cReaders; j++)
 		{
 			equal = TRUE;
-			for (index3 = 0; index3 < call->rgAtrMasks[index].cbAtr; index3++)
+
+			for (k = 0; k < call->rgAtrMasks[i].cbAtr; k++)
 			{
-				if ((call->rgAtrMasks[index].rgbAtr[index3] & call->rgAtrMasks[index].rgbMask[index3]) !=
-				    (states[index2].rgbAtr[index3] & call->rgAtrMasks[index].rgbMask[index3]))
+				if ((call->rgAtrMasks[i].rgbAtr[k] & call->rgAtrMasks[i].rgbMask[k]) !=
+				    (states[j].rgbAtr[k] & call->rgAtrMasks[i].rgbMask[k]))
 				{
 					equal = FALSE;
 					break;
 				}
 				if (equal)
 				{
-					states[index2].dwEventState |= SCARD_STATE_ATRMATCH;
+					states[j].dwEventState |= SCARD_STATE_ATRMATCH;
 				}
 			}
 		}
@@ -1136,13 +1154,16 @@ static UINT32 smartcard_LocateCardsByATRA_Call(SMARTCARD_DEVICE* smartcard, SMAR
 	ret.cReaders = call->cReaders;
 	ret.rgReaderStates = (ReaderState_Return*) calloc(ret.cReaders, sizeof(ReaderState_Return));

-	for (index = 0; index < ret.cReaders; index++)
+	if (!ret.rgReaderStates)
+		return STATUS_NO_MEMORY;
+
+	for (i = 0; i < ret.cReaders; i++)
 	{
-		rgReaderState2 = &states[index];
-		ret.rgReaderStates[index].dwCurrentState = rgReaderState2->dwCurrentState;
-		ret.rgReaderStates[index].dwEventState = rgReaderState2->dwEventState;
-		ret.rgReaderStates[index].cbAtr = rgReaderState2->cbAtr;
-		CopyMemory(&(ret.rgReaderStates[index].rgbAtr), &(rgReaderState2->rgbAtr), 32);
+		state = &states[i];
+		ret.rgReaderStates[i].dwCurrentState = state->dwCurrentState;
+		ret.rgReaderStates[i].dwEventState = state->dwEventState;
+		ret.rgReaderStates[i].cbAtr = state->cbAtr;
+		CopyMemory(&(ret.rgReaderStates[i].rgbAtr), &(state->rgbAtr), 32);
 	}
 	free(states);

@@ -1154,13 +1175,13 @@ static UINT32 smartcard_LocateCardsByATRA_Call(SMARTCARD_DEVICE* smartcard, SMAR

 	if (call->rgReaderStates)
 	{
-		for (index = 0; index < call->cReaders; index++)
+		for (i = 0; i < call->cReaders; i++)
 		{
-			rgReaderState2 = (LPSCARD_READERSTATEA) &call->rgReaderStates[index];
+			state = (LPSCARD_READERSTATEA) &call->rgReaderStates[i];

-			if (rgReaderState2->szReader) {
-				free((void*) rgReaderState2->szReader);
-				rgReaderState2->szReader = NULL;
+			if (state->szReader) {
+				free((void*) state->szReader);
+				state->szReader = NULL;
 			}
 		}

--- a/channels/smartcard/client/smartcard_pack.c
+++ b/channels/smartcard/client/smartcard_pack.c
@@ -2246,7 +2246,7 @@ UINT32 smartcard_unpack_transmit_call(SMARTCARD_DEVICE* smartcard, wStream* s, T
 		if (ioRecvPci.cbExtraBytes > 1024)
 		{
 			WLog_Print(smartcard->log, WLOG_WARN, "Transmit_Call ioRecvPci.cbExtraBytes is out of bounds: %d (max: %d)",
-					(int) ioSendPci.cbExtraBytes, 1024);
+					(int) ioRecvPci.cbExtraBytes, 1024);
 			return STATUS_INVALID_PARAMETER;
 		}