laforge has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-ccid-firmware/+/42193?usp=email )
Change subject: ccid_slot_fsm.c: Reject T=0 TPDU > 260 bytes
......................................................................
ccid_slot_fsm.c: Reject T=0 TPDU > 260 bytes
The CCID v1.1 specification states a T=0 TPDU must not exceed 260 bytes,
so let's properly handle this error case.
Change-Id: Iceb0013adf448fe56c909fd8ccf14a021d8b7331
---
M ccid_common/ccid_slot_fsm.c
1 file changed, 5 insertions(+), 0 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ccid-firmware refs/changes/93/42193/1
diff --git a/ccid_common/ccid_slot_fsm.c b/ccid_common/ccid_slot_fsm.c
index 0c56275..027dc2c 100644
--- a/ccid_common/ccid_slot_fsm.c
+++ b/ccid_common/ccid_slot_fsm.c
@@ -356,6 +356,11 @@
if (msgb_length(msg) != xfb->hdr.dwLength + 10)
return -1;
+ /* CCID spec v1.1 Section 6.1.4 states:
+ * "the absolute maximum block size for a TPDU T=0 block is 260 *
bytes" */
+ if (xfb->hdr.dwLength > 260)
+ return -1;
+
/* might be unpowered after failed ppss that led to reset */
if (cs->icc_powered != true)
return -0;
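Review bot: The new `if (xfb->hdr.dwLength > 260)` check is applied unconditionally, while the comment above it and the commit subject scope the limit to T=0 TPDUs. If this function can also be reached for a slot using another protocol or exchange level, the bound should be guarded by that condition; if it cannot, the comment should say so. The limit would also read better as a named constant than a bare 260. Since the rejection returns the same -1 as the length-mismatch check directly above it, it is worth confirming how the caller reports this case to the host, because the two failures are indistinguishable from the return value alone.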
--
To view, visit https://gerrit.osmocom.org/c/osmo-ccid-firmware/+/42193?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: osmo-ccid-firmware
Gerrit-Branch: master
Gerrit-Change-Id: Iceb0013adf448fe56c909fd8ccf14a021d8b7331
Gerrit-Change-Number: 42193
Gerrit-PatchSet: 1
Gerrit-Owner: laforge <[email protected]>