> Latest version I've published is there:
> http://pieleric.free.fr/o2scr/
case OZSCR_OPEN: /* Request ICC */
dprintk("OZSCR_OPEN\n");
ATRLength = ATR_SIZE;
pRdrExt->IOBase = (PSCR_REGISTERS *) dev->io_base; //XXX necessary?
pRdrExt->membase = dev->am_base; //XXX necessary?
pRdrExt->m_SCard.AvailableProtocol = 0;
pRdrExt->m_SCard.RqstProtocol = 0;
dprintk("membase:%p\n", pRdrExt->membase);
dprintk("ioport:0x%03x\n", (unsigned)pRdrExt->IOBase);
ret = CmdResetReader( pRdrExt, FALSE, ATRBuffer, &ATRLength );
apdu.LengthOut = ATRLength;
#ifdef PCMCIA_DEBUG
printk(KERN_DEBUG "Open finished, ATR buffer = ");
for( ATRLength = 0; ATRLength < apdu.LengthOut; ATRLength++ )
printk(" [%02X] ", ATRBuffer[ATRLength] );
printk("\n");
#endif
memcpy( apdu.DataOut, ATRBuffer, ATRLength );
ret = copy_to_user((struct ozscr_apdu *)arg, &apdu, sizeof(struct ozscr_apdu));
break;
1. This needs locking against concurrent ioctls
2. The interpretation of copy_to_user()'s return code is incorrect
ret = copy_from_user(&apdu, (struct ozscr_apdu *)arg, sizeof(struct ozscr_apdu));
You need to check ret, or you might write shit to the device
pRdrExt->IOBase = (PSCR_REGISTERS *) dev->io_base;
pRdrExt->membase = dev->am_base;
pRdrExt->m_SCard.RqstProtocol = apdu.DataIn[6];
dprintk("membase:%p\n", pRdrExt->membase);
dprintk("ioport:0x%03x\n", (unsigned)pRdrExt->IOBase);
ret = CmdResetReader( pRdrExt, FALSE, ATRBuffer, &ATRLength );
HTH
Oliver
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
