A bug in ifd_atr_parse for ATRs with absent TD1...TD4

Here is an example ATR for the new RSA SecurID 800:

   3b 0f 80 22 15 e1 5a 00 20 00 29 21 02 31 20 02 00

T0 = 0x0f, meaning that there are 15 historical bytes and zero TDX bytes.

However, the check in ifd_atr_parse does the following:

   if (len <= 2 + (atr[1] & 0x0f))
       return IFD_ERROR_INVALID_ATR;

I think it should allow len == 2 + (atr[1] & 0x0f) and be changed to
 
   if (len < 2 + (atr[1] & 0x0f))
        return IFD_ERROR_INVALID_ATR;

http://www.opensc-project.org/openct/browser/trunk/src/ifd/atr.c#L26

Thank you.
_______________________________________________
opensc-devel mailing list
opensc-devel@...
http://www.opensc-project.org/mailman/listinfo/opensc-devel

2009/11/3 Andrey Jivsov <opensc@...>:
It looks like your interpretation and proposal is correct.

--
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@...
http://www.opensc-project.org/mailman/listinfo/opensc-devel

thanks, commited to openct trunk.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@...
http://www.opensc-project.org/mailman/listinfo/opensc-devel