From 082b4b59d3494fe2084f0acf45d28945c6308069 Mon Sep 17 00:00:00 2001
From: akallabeth
Date: Mon, 25 Jan 2021 16:22:50 +0100
Subject: [PATCH] Fixed SCardGetAttrib pbAttr=NULL argument

If fpbAttrIsNULL!=0 set pbAttr NULL on call to SCardGetAttrib
---
 .../smartcard/client/smartcard_operations.c | 31 +++++++++----------
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/channels/smartcard/client/smartcard_operations.c b/channels/smartcard/client/smartcard_operations.c
index 5bcd624f9..da86ff865 100644
--- a/channels/smartcard/client/smartcard_operations.c
+++ b/channels/smartcard/client/smartcard_operations.c
@@ -1863,31 +1863,30 @@ static LONG smartcard_SetAttrib_Decode(SMARTCARD_DEVICE* smartcard, SMARTCARD_OP
 
 static LONG smartcard_GetAttrib_Call(SMARTCARD_DEVICE* smartcard, SMARTCARD_OPERATION* operation)
 {
+	BOOL autoAllocate = FALSE;
 	LONG status;
-	DWORD cbAttrLen;
-	BOOL autoAllocate;
-	GetAttrib_Return ret;
+	DWORD cbAttrLen = 0;
+	LPBYTE pbAttr = NULL;
+	GetAttrib_Return ret = { 0 };
 	IRP* irp = operation->irp;
-	GetAttrib_Call* call = operation->call;
-	ret.pbAttr = NULL;
+	const GetAttrib_Call* call = operation->call;
 
-	if (call->fpbAttrIsNULL)
-		call->cbAttrLen = 0;
-
-	autoAllocate = (call->cbAttrLen == SCARD_AUTOALLOCATE) ? TRUE : FALSE;
-
-	if (call->cbAttrLen && !autoAllocate)
+	if (!call->fpbAttrIsNULL)
 	{
-		ret.pbAttr = (BYTE*)malloc(call->cbAttrLen);
+		autoAllocate = (call->cbAttrLen == SCARD_AUTOALLOCATE) ? TRUE : FALSE;
+		pbAttr = autoAllocate ? (LPBYTE) & (ret.pbAttr) : ret.pbAttr;
+		cbAttrLen = call->cbAttrLen;
+	}
+
+	if (cbAttrLen && !autoAllocate)
+	{
+		ret.pbAttr = (BYTE*)malloc(cbAttrLen);
 		if (!ret.pbAttr)
 			return SCARD_E_NO_MEMORY;
 	}
 
-	cbAttrLen = call->cbAttrLen;
-	ret.ReturnCode =
-	    SCardGetAttrib(operation->hCard, call->dwAttrId,
-	                   autoAllocate ? (LPBYTE) & (ret.pbAttr) : ret.pbAttr, &cbAttrLen);
+	ret.ReturnCode = SCardGetAttrib(operation->hCard, call->dwAttrId, pbAttr, &cbAttrLen);
 	log_status_error(TAG, "SCardGetAttrib", ret.ReturnCode);
 	ret.cbAttrLen = cbAttrLen;
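Review bot: In the non-auto-allocate path the buffer allocated for ret.pbAttr never reaches SCardGetAttrib: `pbAttr = autoAllocate ? (LPBYTE) & (ret.pbAttr) : ret.pbAttr;` runs inside the `if (!call->fpbAttrIsNULL)` block, before the `malloc(cbAttrLen)` below it, so with ret zero-initialised pbAttr is still NULL when cbAttrLen is non-zero and autoAllocate is FALSE. The call is then made with a NULL buffer while ret.pbAttr holds cbAttrLen bytes of uninitialised heap memory; if the encode path later in the function (outside this hunk) copies ret.cbAttrLen bytes from it, uninitialised memory would be sent back, depending on what the PC/SC implementation returns for a NULL buffer. The fix is to pick the pointer after the allocation: drop the `pbAttr = …` line from the first block and add after the malloc block `if (!call->fpbAttrIsNULL) pbAttr = autoAllocate ? (LPBYTE) & (ret.pbAttr) : ret.pbAttr;`. smartcard_GetAttrib_Call continues beyond the end of the hunk, so the release of an auto-allocated or malloc'd ret.pbAttr on the later paths cannot be checked here.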