| Message ID | 1421679451-9096-1-git-send-email-jwhite@codeweavers.com |
|---|---|
| State | New |
| Headers | show |
On Mon, Jan 19, 2015 at 3:57 PM, Jeremy White <jwhite@codeweavers.com> wrote: > A physical smartcard with an ATR of > 3B 95 95 40 FF AE 01 0E 00 00 > was parsed incorrectly. > > The '40' should have been the second TD; instead > the FF is used, incorrectly. The second TD? There is only one here, T0 = 0x95 & 0xf0 >> 4 = b1001 > > Signed-off-by: Jeremy White <jwhite@codeweavers.com> > --- > hw/usb/ccid-card-passthru.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c > index 10f1d30..2ae3b81 100644 > --- a/hw/usb/ccid-card-passthru.c > +++ b/hw/usb/ccid-card-passthru.c > @@ -168,8 +168,8 @@ static int check_atr(PassthruState *card, uint8_t *data, int len) > opt_bytes++; > } > if (td & 0x8) { > - opt_bytes++; > td = data[opt_bytes + 2] >> 4; > + opt_bytes++; > } > } > if (len < 2 + historical_length + opt_bytes) { > -- > 1.7.10.4 > > That looks correct, opt_bytes before incrementing points to the current TD. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>> The '40' should have been the second TD; instead >> the FF is used, incorrectly. > > The second TD? There is only one here, T0 = 0x95 & 0xf0 >> 4 = b1001 Yes, sorry, I should not have capitalized TD in my comment. The code uses the variable 'td' to hold the upper 4 bits of T0, and then, if present, the upper 4 bits of TD1. So what is read imprecisely is the upper 4 bits of TD1. I don't know qemu patch protocol; that seems like a very minor detail in the comment; does it justify a resubmit? > >> >> Signed-off-by: Jeremy White <jwhite@codeweavers.com> >> --- >> hw/usb/ccid-card-passthru.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c >> index 10f1d30..2ae3b81 100644 >> --- a/hw/usb/ccid-card-passthru.c >> +++ b/hw/usb/ccid-card-passthru.c >> @@ -168,8 +168,8 @@ static int check_atr(PassthruState *card, uint8_t *data, int len) >> opt_bytes++; >> } >> if (td & 0x8) { >> - opt_bytes++; >> td = data[opt_bytes + 2] >> 4; >> + opt_bytes++; >> } >> } >> if (len < 2 + historical_length + opt_bytes) { >> -- >> 1.7.10.4 >> >> > > That looks correct, opt_bytes before incrementing points to the current TD. > > Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> >
diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c index 10f1d30..2ae3b81 100644 --- a/hw/usb/ccid-card-passthru.c +++ b/hw/usb/ccid-card-passthru.c @@ -168,8 +168,8 @@ static int check_atr(PassthruState *card, uint8_t *data, int len) opt_bytes++; } if (td & 0x8) { - opt_bytes++; td = data[opt_bytes + 2] >> 4; + opt_bytes++; } } if (len < 2 + historical_length + opt_bytes) {
A physical smartcard with an ATR of 3B 95 95 40 FF AE 01 0E 00 00 was parsed incorrectly. The '40' should have been the second TD; instead the FF is used, incorrectly. Signed-off-by: Jeremy White <jwhite@codeweavers.com> --- hw/usb/ccid-card-passthru.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)