Frequently reused PC/SC handles #65

Closed
emaxx-google opened this issue Dec 31, 2018 · 0 comments
@emaxx-google
Collaborator

The PC/SC server run by the Smart Card Connector app seems to reuse the same numeric values for PC/SC session or card handles too frequently. Those handles are intended to be random, so while this reuse doesn't present an immediate problem, it may slightly affect security protection or lead to unexpected situations in client applications (in case they aren't handling such situations correctly).

Moreover, it's not even that rare that the same numeric value is exposed as both a session handle and a card handle at the same time. While this is still technically valid, client applications may not be coded carefully enough to handle this situation.

Therefore we need to make sure that the PC/SC handles returned by the Connector app are fully random.

@emaxx-google emaxx-google self-assigned this Dec 31, 2018
emaxx-google added a commit that referenced this issue Dec 31, 2018
There was a problem that rand() was returning duplicate values, leading
to our PC/SC-Lite NaCl port trying to reuse handles very frequently.

While it's not well understood what's the root cause of the issues with
rand() - it may be either a problem with the NaCl toolchain or in our
PC/SC-Lite NaCl port - this patch fixes this issue by switching away
from using rand()/srand() onto C++11 random number generators. We just
use std::random_device directly for the sake of simplicity, since the
random generation isn't a hot codepath in our app.

This fixes issue #65.
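
An added illustration of the approach the commit message describes (drawing handle values from std::random_device instead of rand()), not code from the project or its patch. The `HandleAllocator` class and its method names are hypothetical, and the shared live-handle set, which keeps one value from being both a session handle and a card handle at once, is an assumption that goes beyond what the commit states.

```cpp
#include <cstddef>
#include <cstdint>
#include <random>
#include <unordered_set>

// Hypothetical allocator (names are illustrative, not from the project).
// Session and card handles share one pool of live values, so a number is
// never handed out as both kinds of handle at the same time.
class HandleAllocator {
 public:
  // Returns a fresh non-zero 32-bit handle that is not currently in use.
  uint32_t Allocate() {
    std::uniform_int_distribution<uint32_t> dist(1, UINT32_MAX);
    for (;;) {
      uint32_t candidate = dist(device_);
      // insert().second is false when the value is already live: redraw.
      if (live_.insert(candidate).second) return candidate;
    }
  }

  // Marks a handle as closed; returns false for unknown handles.
  bool Release(uint32_t handle) { return live_.erase(handle) == 1; }

  bool IsLive(uint32_t handle) const { return live_.count(handle) != 0; }
  std::size_t LiveCount() const { return live_.size(); }

 private:
  std::random_device device_;  // OS entropy source; no srand()-style seeding
  std::unordered_set<uint32_t> live_;
};

// Allocates `n` handles and reports whether all were distinct and non-zero.
bool AllocatesDistinctHandles(std::size_t n) {
  HandleAllocator allocator;
  std::unordered_set<uint32_t> seen;
  for (std::size_t i = 0; i < n; ++i) {
    uint32_t h = allocator.Allocate();
    if (h == 0 || !seen.insert(h).second) return false;
  }
  return allocator.LiveCount() == n;
}
```

The C++ standard permits std::random_device to fall back to a deterministic engine on platforms without an entropy source, so confirm its behaviour on the target toolchain before relying on it for unpredictable handles.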