card-piv.c - Card matching fix for unknown card

During card matching, only use GET DATA of Discovery object before or in place of SELECT AID, if the ATR matches a known card or user has forced the card type or forced the use of a PIV driver. This avoids possible state change in the unknown card if used by other processes. partial fox for OpenSC#3108 On branch piv-fix-OpenSC#3108 Changes to be committed: modified: card-piv.c
dengert · Apr 12, 2024 · b293f00 · b293f00
1 parent 6a98d4a
commit b293f00
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
@@ -5468,9 +5468,16 @@ static int piv_match_card_continued(sc_card_t *card)
 	 * Will fail for other reasons if wrong applet is selected or bad PIV implementation.
 	 */
 
-	/* first test if PIV is active applet without using AID If fails use the AID */
+	/*
+	* if ATR matched or user forced card type 
+	* test if PIV is active applet without using AID If fails use the AID 
+	*/
+
+	if (card->type != SC_CARD_TYPE_PIV_II_BASE)
+		r = piv_find_discovery(card);
+	else
+		r = SC_CARD_TYPE_UNKNOWN;
 
-	r = piv_find_discovery(card);
 	if (r < 0) {
 		piv_obj_cache_free_entry(card, PIV_OBJ_DISCOVERY, 0); /* don't cache  on failure */
 		r = piv_find_aid(card);