laforge has submitted this change. (
https://gerrit.osmocom.org/c/osmo-remsim/+/42230?usp=email )
Change subject: remsim-client: Don't attempt to pass on illegal TPDU length
......................................................................
remsim-client: Don't attempt to pass on illegal TPDU length
TPDUs with length < 5 or > 260 bytes are illegal in T=0. It doesn't
make sense to send them to bankd, triggering bugs in either bankd,
pcsc-lite or the CCID firmware down the road. Let's filter them right
where they might originate.
Change-Id: I175eb4622d0e69dbc6aca2cddfe091a78f225da5
---
M src/client/main_fsm.c
1 file changed, 5 insertions(+), 0 deletions(-)
Approvals:
Jenkins Builder: Verified
lynxis lazus: Looks good to me, approved
diff --git a/src/client/main_fsm.c b/src/client/main_fsm.c
index 18798d3..5a35567 100644
--- a/src/client/main_fsm.c
+++ b/src/client/main_fsm.c
@@ -331,6 +331,11 @@
case MF_E_MDM_TPDU:
tpdu = data;
OSMO_ASSERT(tpdu);
+ if (tpdu->len < 5 || tpdu->len > 260) {
+ LOGPFSML(fi, LOGL_ERROR, "Modem submitted illegal TPDU
length %zu (%s), dropping\n", tpdu->len,
+ osmo_hexdump_nospc(tpdu->buf, tpdu->len));
+ break;
+ }
LOGPFSML(fi, LOGL_INFO, "Tx tpduModemToCard (%s)\n",
osmo_hexdump_nospc(tpdu->buf, tpdu->len));
/* forward to bankd */
bank_slot2rspro(&bslot, &bc->bankd_slot);
--
To view, visit https://gerrit.osmocom.org/c/osmo-remsim/+/42230?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings?usp=email
Gerrit-MessageType: merged
Gerrit-Project: osmo-remsim
Gerrit-Branch: master
Gerrit-Change-Id: I175eb4622d0e69dbc6aca2cddfe091a78f225da5
Gerrit-Change-Number: 42230
Gerrit-PatchSet: 4
Gerrit-Owner: laforge <[email protected]>
Gerrit-Reviewer: Hoernchen <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <[email protected]>
Gerrit-Reviewer: lynxis lazus <[email protected]>
