security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

scd: Do not conflict if a card with another serialno is demanded.

Browse Source 
* scd/app.c (check_application_conflict): Add args to pass a serialno.
* scd/command.c (open_card_with_request): Pass the serialno to
check_application_conflict.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2019-06-25 09:48:18 +02:00
parent c8e62965bc
commit 92ba831758
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 26 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
scd/app-common.h
View File

@ -229,7 +229,9 @@ char *app_get_serialno (app_t app);
void app_dump_state (void); void app_dump_state (void);
void application_notify_card_reset (int slot); void application_notify_card_reset (int slot);
gpg_error_t check_application_conflict (card_t card, const char *name); gpg_error_t check_application_conflict (card_t card, const char *name,
const unsigned char *serialno_bin,
size_t serialno_bin_len);
gpg_error_t card_reset (card_t card, ctrl_t ctrl, int send_reset); gpg_error_t card_reset (card_t card, ctrl_t ctrl, int send_reset);
gpg_error_t select_application (ctrl_t ctrl, const char *name, card_t *r_app, gpg_error_t select_application (ctrl_t ctrl, const char *name, card_t *r_app,
int scan, const unsigned char *serialno_bin, int scan, const unsigned char *serialno_bin,

18
scd/app.c
View File

@ -260,10 +260,15 @@ is_app_allowed (const char *name)
* 0 - No conflict * 0 - No conflict
* GPG_ERR_FALSE - Another application is in use but it is possible * GPG_ERR_FALSE - Another application is in use but it is possible
* to switch to the requested application. * to switch to the requested application.
* other code - Switching is not possible. * Other code - Switching is not possible.
*
* If SERIALNO_BIN is not NULL a coflict is onl asserted if the
* serialno of the card matches.
*/ */
gpg_error_t gpg_error_t
check_application_conflict (card_t card, const char *name) check_application_conflict (card_t card, const char *name,
const unsigned char *serialno_bin,
size_t serialno_bin_len)
{ {
app_t app; app_t app;
@ -272,6 +277,13 @@ check_application_conflict (card_t card, const char *name)
if (!card->app) if (!card->app)
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); /* Should not happen. */ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); /* Should not happen. */
if (serialno_bin && card->serialno)
{
if (serialno_bin_len != card->serialnolen
|| memcmp (serialno_bin, card->serialno, card->serialnolen))
return 0; /* The card does not match the requested S/N. */
}
/* Check whether the requested NAME matches any already selected /* Check whether the requested NAME matches any already selected
* application. */ * application. */
for (app = card->app; app; app = app->next) for (app = card->app; app; app = app->next)
@ -638,7 +650,7 @@ select_application (ctrl_t ctrl, const char *name, card_t *r_card,
if (card) if (card)
{ {
err = check_application_conflict (card, name); err = check_application_conflict (card, name, NULL, 0);
if (!err) if (!err)
{ {
/* Note: We do not use card_ref as we are already locked. */ /* Note: We do not use card_ref as we are already locked. */

14
scd/command.c
View File

@ -228,18 +228,22 @@ open_card_with_request (ctrl_t ctrl,
size_t serialno_bin_len = 0; size_t serialno_bin_len = 0;
card_t card = ctrl->card_ctx; card_t card = ctrl->card_ctx;
if (serialno)
serialno_bin = hex_to_buffer (serialno, &serialno_bin_len);
/* If we are already initialized for one specific application we /* If we are already initialized for one specific application we
need to check that the client didn't requested a specific need to check that the client didn't requested a specific
application different from the one in use before we continue. */ application different from the one in use before we continue. */
if (apptypestr && ctrl->card_ctx) if (apptypestr && ctrl->card_ctx)
{ {
err = check_application_conflict (ctrl->card_ctx, apptypestr); err = check_application_conflict (ctrl->card_ctx, apptypestr,
serialno_bin, serialno_bin_len);
if (gpg_err_code (err) == GPG_ERR_FALSE) if (gpg_err_code (err) == GPG_ERR_FALSE)
{ {
/* Different application but switching is supported. */ /* Different application but switching is supported. */
err = select_additional_application (ctrl, apptypestr); err = select_additional_application (ctrl, apptypestr);
} }
return err; goto leave;
} }
/* Re-scan USB devices. Release CARD, before the scan. */ /* Re-scan USB devices. Release CARD, before the scan. */
@ -247,13 +251,11 @@ open_card_with_request (ctrl_t ctrl,
ctrl->card_ctx = NULL; ctrl->card_ctx = NULL;
card_unref (card); card_unref (card);
if (serialno)
serialno_bin = hex_to_buffer (serialno, &serialno_bin_len);
err = select_application (ctrl, apptypestr, &ctrl->card_ctx, 1, err = select_application (ctrl, apptypestr, &ctrl->card_ctx, 1,
serialno_bin, serialno_bin_len); serialno_bin, serialno_bin_len);
xfree (serialno_bin);
leave:
xfree (serialno_bin);
return err; return err;
} }