[S] Change in android-apdu-proxy[master]: OmapiCallbackHandlerVpcd: add check to filter shortTPDUs

Mon, 19 Jan 2026 03:35:08 -0800 

laforge has submitted this change. ( 
https://gerrit.osmocom.org/c/android-apdu-proxy/+/41801?usp=email )

Change subject: OmapiCallbackHandlerVpcd: add check to filter shortTPDUs
......................................................................

OmapiCallbackHandlerVpcd: add check to filter shortTPDUs

Related: OS#6836
Change-Id: I4e76afd7cf4d63c67b1525202fbe74e0796b2ba3
---
M app/src/main/java/org/osmocom/androidApduProxy/OmapiCallbackHandlerVpcd.java
1 file changed, 10 insertions(+), 0 deletions(-)

Approvals:
  laforge: Looks good to me, approved
  Jenkins Builder: Verified




diff --git 
a/app/src/main/java/org/osmocom/androidApduProxy/OmapiCallbackHandlerVpcd.java 
b/app/src/main/java/org/osmocom/androidApduProxy/OmapiCallbackHandlerVpcd.java
index c71581c..0b880fb 100644
--- 
a/app/src/main/java/org/osmocom/androidApduProxy/OmapiCallbackHandlerVpcd.java
+++ 
b/app/src/main/java/org/osmocom/androidApduProxy/OmapiCallbackHandlerVpcd.java
@@ -101,6 +101,16 @@
             @Override
             public byte[] vpcdTransact(byte[] tpdu) {
                 Log.i("PROXY", "Exchanging TPDU...\n");
+
+                //All TPDUs that we receive here should have a minimum length 
of 5 bytes. Under normal conditins, short
+                //TPDUs should not occurr as they should already be filtered 
out by the layers that call this method.
+                //To ensure seamless operation, let's check the TPDU length 
and reject short TPDUs immediately.
+                if (tpdu.length < 5) {
+                    Log.e("PROXY", String.format("Rejecting short TPDU 
(%s)...\n", Utils.b2h(tpdu)));
+                    //see also ISO/IEC 7816-4, table 5 (wrong length; no 
further indication)
+                    return (Utils.h2b("6700"));
+                }
+
                 //In case the TPDU contains a SELECT by DF-Name, which is 
forbidden by OMAPI by design, we must
                 //find an alternative solution: In case the SELECT targets the 
currently selected application,
                 //we just use the FID 7FFF, which is an alias for the 
currently selected application. In case the

--
To view, visit https://gerrit.osmocom.org/c/android-apdu-proxy/+/41801?usp=email
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings?usp=email

Gerrit-MessageType: merged
Gerrit-Project: android-apdu-proxy
Gerrit-Branch: master
Gerrit-Change-Id: I4e76afd7cf4d63c67b1525202fbe74e0796b2ba3
Gerrit-Change-Number: 41801
Gerrit-PatchSet: 3
Gerrit-Owner: dexter <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <[email protected]>

Reply via email to