[S] Change in android-apdu-proxy[master]: OmapiCallbackHandlerVpcd: add check to filter short TPDUs

Fri, 09 Jan 2026 04:26:14 -0800 

dexter has uploaded this change for review. ( 
https://gerrit.osmocom.org/c/android-apdu-proxy/+/41801?usp=email )


Change subject: OmapiCallbackHandlerVpcd: add check to filter short TPDUs
......................................................................

OmapiCallbackHandlerVpcd: add check to filter short TPDUs

Related: OS#6836
Change-Id: I4e76afd7cf4d63c67b1525202fbe74e0796b2ba3
---
M app/src/main/java/org/osmocom/androidApduProxy/OmapiCallbackHandlerVpcd.java
1 file changed, 10 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/android-apdu-proxy 
refs/changes/01/41801/1

diff --git 
a/app/src/main/java/org/osmocom/androidApduProxy/OmapiCallbackHandlerVpcd.java 
b/app/src/main/java/org/osmocom/androidApduProxy/OmapiCallbackHandlerVpcd.java
index f443ac2..b33d28c 100644
--- 
a/app/src/main/java/org/osmocom/androidApduProxy/OmapiCallbackHandlerVpcd.java
+++ 
b/app/src/main/java/org/osmocom/androidApduProxy/OmapiCallbackHandlerVpcd.java
@@ -101,6 +101,16 @@
             @Override
             public byte[] vpcdTransact(byte[] tpdu) {
                 Log.i("PROXY", "Exchanging TPDU...\n");
+
+                //All TPDUs that we receive here should have a minimum length 
of 5 bytes. Under normal conditins, short
+                //TPDUs should not occurr as they should already be filtered 
out by the layers that call this method.
+                //To ensure seamless operation, let's check the TPDU length 
and reject short TPDUs immediately.
+                if (tpdu.length < 5) {
+                    Log.e("PROXY", String.format("Rejecting short TPDU 
(%s)...\n", Utils.b2h(tpdu)));
+                    //see also ISO/IEC 7816-4, table 5 (wrong length; no 
further indication)
+                    return (Utils.h2b("6700"));
+                }
+
                 //In case the TPDU contains a SELECT by DF-Name, which is 
forbidden by OMAPI by design, we must
                 //find an alternative solution: In case the SELECT targets the 
currently selected application,
                 //we just use the FID 7FFF, which is an alias for the 
currently selected application. In case the

--
To view, visit https://gerrit.osmocom.org/c/android-apdu-proxy/+/41801?usp=email
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: android-apdu-proxy
Gerrit-Branch: master
Gerrit-Change-Id: I4e76afd7cf4d63c67b1525202fbe74e0796b2ba3
Gerrit-Change-Number: 41801
Gerrit-PatchSet: 1
Gerrit-Owner: dexter <[email protected]>

Reply via email to