[Qemu-devel] [PATCH] Retrieve the correct TD byte when checking an ATR.

[Qemu-devel] [PATCH] Retrieve the correct TD byte when checking an ATR.

[Jeremy White]

A physical smartcard with an ATR of
  3B 95 95 40 FF AE 01 0E 00 00
was parsed incorrectly.

The '40' should have been the second TD; instead
the FF is used, incorrectly.

Signed-off-by: Jeremy White <jwhite@codeweavers.com>
---
 hw/usb/ccid-card-passthru.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c
index 10f1d30..2ae3b81 100644
--- a/hw/usb/ccid-card-passthru.c
+++ b/hw/usb/ccid-card-passthru.c
@@ -168,8 +168,8 @@ static int check_atr(PassthruState *card, uint8_t *data, int len)
             opt_bytes++;
         }
         if (td & 0x8) {
-            opt_bytes++;
             td = data[opt_bytes + 2] >> 4;
+            opt_bytes++;
         }
     }
     if (len < 2 + historical_length + opt_bytes) {
-- 
1.7.10.4

Re: [Qemu-devel] [PATCH] Retrieve the correct TD byte when checking an ATR.

[Marc-André Lureau]

On Mon, Jan 19, 2015 at 3:57 PM, Jeremy White <jwhite@codeweavers.com> wrote:
> A physical smartcard with an ATR of
>   3B 95 95 40 FF AE 01 0E 00 00
> was parsed incorrectly.
>
> The '40' should have been the second TD; instead
> the FF is used, incorrectly.

The second TD? There is only one here, T0 = 0x95 & 0xf0 >> 4 = b1001

>
> Signed-off-by: Jeremy White <jwhite@codeweavers.com>
> ---
>  hw/usb/ccid-card-passthru.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c
> index 10f1d30..2ae3b81 100644
> --- a/hw/usb/ccid-card-passthru.c
> +++ b/hw/usb/ccid-card-passthru.c
> @@ -168,8 +168,8 @@ static int check_atr(PassthruState *card, uint8_t *data, int len)
>              opt_bytes++;
>          }
>          if (td & 0x8) {
> -            opt_bytes++;
>              td = data[opt_bytes + 2] >> 4;
> +            opt_bytes++;
>          }
>      }
>      if (len < 2 + historical_length + opt_bytes) {
> --
> 1.7.10.4
>
>

That looks correct, opt_bytes before incrementing points to the current TD.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

-- 
Marc-André Lureau

Re: [Qemu-devel] [PATCH] Retrieve the correct TD byte when checking an ATR.

[Jeremy White]

>> The '40' should have been the second TD; instead
>> the FF is used, incorrectly.
> 
> The second TD? There is only one here, T0 = 0x95 & 0xf0 >> 4 = b1001

Yes, sorry, I should not have capitalized TD in my comment.  The code
uses the variable 'td' to hold the upper 4 bits of T0, and then, if
present, the upper 4 bits of TD1.  So what is read imprecisely is the
upper 4 bits of TD1.

I don't know qemu patch protocol; that seems like a very minor detail in
the comment; does it justify a resubmit?

> 
>>
>> Signed-off-by: Jeremy White <jwhite@codeweavers.com>
>> ---
>>  hw/usb/ccid-card-passthru.c |    2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c
>> index 10f1d30..2ae3b81 100644
>> --- a/hw/usb/ccid-card-passthru.c
>> +++ b/hw/usb/ccid-card-passthru.c
>> @@ -168,8 +168,8 @@ static int check_atr(PassthruState *card, uint8_t *data, int len)
>>              opt_bytes++;
>>          }
>>          if (td & 0x8) {
>> -            opt_bytes++;
>>              td = data[opt_bytes + 2] >> 4;
>> +            opt_bytes++;
>>          }
>>      }
>>      if (len < 2 + historical_length + opt_bytes) {
>> --
>> 1.7.10.4
>>
>>
> 
> That looks correct, opt_bytes before incrementing points to the current TD.
> 
> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>