libpcscspy: fix a crash with NULL pointers

If the application uses pioRecvPci parameter set to NULL in SCardTransmit() then the spy library crashed. But NULL is a valid value for this parameter. We also handle tha case pioSendPci set to NULL even if this case will return an error, but the spy library also crashed. Thanks to Amreo for the bug report Fixes: #159
LudovicRousseau · Sep 26, 2023 · 52670e5 · 52670e5
1 parent 549922c
commit 52670e5
Showing 1 changed file with 20 additions and 4 deletions.
diff --git a/src/spy/libpcscspy.c b/src/spy/libpcscspy.c
@@ -590,13 +590,29 @@ PCSC_API p_SCardTransmit(SCardTransmit)
 
 	Enter();
 	spy_long(hCard);
-	spy_long(pioSendPci->dwProtocol);
-	spy_long(pioSendPci->cbPciLength);
+	if (pioSendPci)
+	{
+		spy_long(pioSendPci->dwProtocol);
+		spy_long(pioSendPci->cbPciLength);
+	}
+	else
+	{
+		spy_long(-1);
+		spy_long(-1);
+	}
 	spy_buffer(pbSendBuffer, cbSendLength);
 	rv = spy.SCardTransmit(hCard, pioSendPci, pbSendBuffer, cbSendLength,
 		pioRecvPci, pbRecvBuffer, pcbRecvLength);
-	spy_long(pioRecvPci->dwProtocol);
-	spy_long(pioRecvPci->cbPciLength);
+	if (pioRecvPci)
+	{
+		spy_long(pioRecvPci->dwProtocol);
+		spy_long(pioRecvPci->cbPciLength);
+	}
+	else
+	{
+		spy_long(-1);
+		spy_long(-1);
+	}
 	if (pcbRecvLength)
 		spy_buffer(pbRecvBuffer, *pcbRecvLength);
 	else