fix stack usage of CCID

NIIBE Yutaka
2016-10-15 18:37:22 +09:00
parent 350528e1f4
commit f7d857b527
2 changed files with 19 additions and 11 deletions


@@ -1,3 +1,7 @@
2016-10-15 Niibe Yutaka <gniibe@fsij.org>
* src/usb-ccid.c (ccid_power_on): Don't waste stack.
2016-10-14 Niibe Yutaka <gniibe@fsij.org> 2016-10-14 Niibe Yutaka <gniibe@fsij.org>
* src/usb-ccid.c (ccid_power_on) [LIFE_CYCLE_MANAGEMENT_SUPPORT]: * src/usb-ccid.c (ccid_power_on) [LIFE_CYCLE_MANAGEMENT_SUPPORT]:


@@ -771,8 +771,9 @@ extern uint8_t __process3_stack_base__[], __process3_stack_size__[];
static enum ccid_state static enum ccid_state
ccid_power_on (struct ccid *c) ccid_power_on (struct ccid *c)
{ {
size_t size_atr = sizeof (ATR_head) + historical_bytes[0] + 1; uint8_t p[CCID_MSG_HEADER_SIZE+1]; /* >= size of historical_bytes -1 */
uint8_t p[CCID_MSG_HEADER_SIZE+size_atr]; int hist_len = historical_bytes[0];
size_t size_atr = sizeof (ATR_head) + hist_len + 1;
uint8_t xor_check = 0; uint8_t xor_check = 0;
int i; int i;
@@ -792,18 +793,21 @@ ccid_power_on (struct ccid *c)
p[CCID_MSG_ERROR_OFFSET] = 0x00; p[CCID_MSG_ERROR_OFFSET] = 0x00;
p[CCID_MSG_CHAIN_OFFSET] = 0x00; p[CCID_MSG_CHAIN_OFFSET] = 0x00;
memcpy (p + CCID_MSG_HEADER_SIZE, ATR_head, sizeof (ATR_head)); usb_lld_txcpy (p, c->epi->ep_num, 0, CCID_MSG_HEADER_SIZE);
memcpy (p + CCID_MSG_HEADER_SIZE + sizeof (ATR_head), usb_lld_txcpy (ATR_head, c->epi->ep_num, CCID_MSG_HEADER_SIZE,
historical_bytes + 1, historical_bytes[0]); sizeof (ATR_head));
for (i = 1; i < (int)sizeof (ATR_head); i++)
xor_check ^= ATR_head[i];
memcpy (p, historical_bytes + 1, hist_len);
#ifdef LIFE_CYCLE_MANAGEMENT_SUPPORT #ifdef LIFE_CYCLE_MANAGEMENT_SUPPORT
if (file_selection == 255) if (file_selection == 255)
p[CCID_MSG_HEADER_SIZE + sizeof (ATR_head) + 7] = 0x03; p[7] = 0x03;
#endif #endif
for (i = 1; i < (int)size_atr - 1; i++) for (i = 0; i < hist_len; i++)
xor_check ^= p[CCID_MSG_HEADER_SIZE + i]; xor_check ^= p[i];
p[CCID_MSG_HEADER_SIZE+size_atr-1] = xor_check; p[i] = xor_check;
usb_lld_txcpy (p, c->epi->ep_num, CCID_MSG_HEADER_SIZE + sizeof (ATR_head),
usb_lld_txcpy (p, c->epi->ep_num, 0, CCID_MSG_HEADER_SIZE + size_atr); hist_len+1);
/* This is a single packet Bulk-IN transaction */ /* This is a single packet Bulk-IN transaction */
c->epi->buf = NULL; c->epi->buf = NULL;
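Review bot: The fixed-size `uint8_t p[CCID_MSG_HEADER_SIZE+1]` is protected only by its comment: `memcpy (p, historical_bytes + 1, hist_len)` followed by `p[i] = xor_check` writes `hist_len + 1` bytes into it, and `hist_len` is read from `historical_bytes[0]` with no bound check in the visible lines. The removed variable-length array was sized from that same byte, so it always fit; with the new code a table holding more than `CCID_MSG_HEADER_SIZE` historical bytes would write past `p` on the stack. If `historical_bytes` is a complete array type in this translation unit (its definition is not shown here), a compile-time check such as `_Static_assert (sizeof (historical_bytes) - 1 <= CCID_MSG_HEADER_SIZE, "p too small for historical bytes");` would turn the comment into an enforced invariant. Otherwise, reject `hist_len > (int)sizeof (p) - 1` before the `memcpy`. ccid_power_on begins in the first hunk and its body continues beyond the last line shown.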