Hoernchen has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-ccid-firmware/+/42778?usp=email )
Change subject: ccid: reject invalid bClockCommand ......................................................................
ccid: reject invalid bClockCommand
Change-Id: I34dedcaaaf3cd67e22b207016f08e745736dd625 --- M ccid_common/ccid_device.c 1 file changed, 9 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ccid-firmware refs/changes/78/42778/1
diff --git a/ccid_common/ccid_device.c b/ccid_common/ccid_device.c index 63a4d70..d9faa00 100644 --- a/ccid_common/ccid_device.c +++ b/ccid_common/ccid_device.c @@ -601,9 +601,17 @@ const union ccid_pc_to_rdr *u = msgb_ccid_out(msg); const struct ccid_header *ch = (const struct ccid_header *) u; uint8_t seq = u->icc_clock.hdr.bSeq; + uint8_t cmd = u->icc_clock.bClockCommand; struct msgb *resp;
- cs->ci->slot_ops->set_clock(cs, u->icc_clock.bClockCommand); + /* CCID v1.1 §6.1.9: bClockCommand has only two defined values; reject + * early here */ + if (cmd != CCID_CLOCK_CMD_RESTART && cmd != CCID_CLOCK_CMD_STOP) { + resp = ccid_gen_slot_status(cs, seq, CCID_CMD_STATUS_FAILED, offsetof(struct ccid_pc_to_rdr_icc_clock, bClockCommand)); + return ccid_slot_send_unbusy(cs, resp); + } + + cs->ci->slot_ops->set_clock(cs, cmd); resp = ccid_gen_slot_status(cs, seq, CCID_CMD_STATUS_OK, 0); return ccid_slot_send_unbusy(cs, resp); }