laforge submitted this change.
ccid_slot_fsm.c: Reject T=0 TPDU > 260 bytes
The CCID v1.1 ch 6.1.4 specification states a T=0 TPDU must not exceed 260 bytes,
so let's properly handle this error case.
Change-Id: Iceb0013adf448fe56c909fd8ccf14a021d8b7331
---
M ccid_common/ccid_slot_fsm.c
1 file changed, 5 insertions(+), 0 deletions(-)
diff --git a/ccid_common/ccid_slot_fsm.c b/ccid_common/ccid_slot_fsm.c
index c34ad72..05024c9 100644
--- a/ccid_common/ccid_slot_fsm.c
+++ b/ccid_common/ccid_slot_fsm.c
@@ -359,6 +359,11 @@
if (msgb_length(msg) != xfb->hdr.dwLength + 10)
return -1;
+ /* CCID spec v1.1 Section 6.1.4 states:
+ * "the absolute maximum block size for a TPDU T=0 block is 260 * bytes" */
+ if (xfb->hdr.dwLength > 260)
+ return -1;
+
/* might be unpowered after failed ppss that led to reset */
if (cs->icc_powered != true)
return -0;
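Review bot: the added `if (xfb->hdr.dwLength > 260)` check is unconditional, while the spec sentence quoted in the comment above it limits only T=0 TPDU blocks. If this function can also be reached for a slot using another protocol or exchange level, gate the check on that; otherwise say in the comment that this path is T=0 TPDU only. Two smaller points in the same hunk: the quoted text reads "260 * bytes", a stray comment-continuation asterisk left over from re-wrapping, and the bare 260 would be easier to audit as a named constant. The rejection also returns the same -1 as the length-mismatch check just before it, so a log line here would help tell the two cases apart when debugging.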
To view, visit change 42193.