public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Oliver Neukum <oliver@neukum.org>
To: Eric Piel <Eric.Piel@tremplin-utc.net>
Cc: Laurent Bigonville <l.bigonville@edpnet.be>,
	linux-kernel@vger.kernel.org
Subject: Re: O2micro smartcard reader driver.
Date: Tue, 28 Nov 2006 12:49:45 +0100	[thread overview]
Message-ID: <200611281249.45243.oliver@neukum.org> (raw)
In-Reply-To: <456C0BD0.7080606@tremplin-utc.net>


> Latest version I've published is there:
> http://pieleric.free.fr/o2scr/

        case OZSCR_OPEN: /* Request ICC */
            dprintk("OZSCR_OPEN\n");
            ATRLength = ATR_SIZE;
            pRdrExt->IOBase = (PSCR_REGISTERS *) dev->io_base; //XXX necessary?
            pRdrExt->membase = dev->am_base; //XXX necessary?

            pRdrExt->m_SCard.AvailableProtocol = 0;
            pRdrExt->m_SCard.RqstProtocol = 0;
            dprintk("membase:%p\n", pRdrExt->membase);
            dprintk("ioport:0x%03x\n", (unsigned)pRdrExt->IOBase);

            ret = CmdResetReader( pRdrExt, FALSE, ATRBuffer, &ATRLength );
            apdu.LengthOut = ATRLength;

#ifdef PCMCIA_DEBUG
            printk(KERN_DEBUG "Open finished, ATR buffer = ");
            for( ATRLength = 0; ATRLength < apdu.LengthOut; ATRLength++ )
                printk(" [%02X] ", ATRBuffer[ATRLength] );
            printk("\n");
#endif

            memcpy( apdu.DataOut, ATRBuffer, ATRLength );
            ret = copy_to_user((struct ozscr_apdu *)arg, &apdu, sizeof(struct ozscr_apdu));
            break;

1. This needs locking against concurrent ioctls
2. The interpretation of copy_to_user()'s return code is incorrect

            ret = copy_from_user(&apdu, (struct ozscr_apdu *)arg, sizeof(struct ozscr_apdu));
You need to check ret, or you might write shit to the device
            pRdrExt->IOBase = (PSCR_REGISTERS *) dev->io_base;
            pRdrExt->membase = dev->am_base;
            pRdrExt->m_SCard.RqstProtocol = apdu.DataIn[6];
            dprintk("membase:%p\n", pRdrExt->membase);
            dprintk("ioport:0x%03x\n", (unsigned)pRdrExt->IOBase);
            ret = CmdResetReader( pRdrExt, FALSE, ATRBuffer, &ATRLength );

	HTH
		Oliver

  reply	other threads:[~2006-11-28 11:48 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-11-27 17:28 O2micro smartcard reader driver Laurent Bigonville
2006-11-28 10:13 ` Eric Piel
2006-11-28 11:49   ` Oliver Neukum [this message]
2006-12-12 21:28     ` Eric Piel
2006-12-12 22:05       ` Oliver Neukum
2007-02-16 23:36       ` Markus Rechberger
2007-02-17  3:55         ` Markus Rechberger
2007-02-19 11:04           ` Éric Piel
2006-11-28 12:19 ` Andreas Jellinghaus
2006-11-28 20:50   ` Laurent Bigonville
  -- strict thread matches above, loose matches on Subject: below --
2007-02-19 12:15 Markus Rechberger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200611281249.45243.oliver@neukum.org \
    --to=oliver@neukum.org \
    --cc=Eric.Piel@tremplin-utc.net \
    --cc=l.bigonville@edpnet.be \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox