laforge submitted this change.

View Change


Approvals: laforge: Looks good to me, approved; Verified 
sim/class_tables: Prevent out-of-bounds access

The INS tables always must be declared with 256 elements, even
if they only use some of them.  We never know which random INS
code might be used to index them.

This was not discovered until now as the only known user of those
tables is always using the SIM/UICC/USIM table and not the plain
ISO7816 table.

Change-Id: I6739f469f6e84eed9aab403cc481ebff86df0181
---
M src/sim/class_tables.c
1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/sim/class_tables.c b/src/sim/class_tables.c
index 724c077..6d05ede 100644
--- a/src/sim/class_tables.c
+++ b/src/sim/class_tables.c
@@ -19,7 +19,7 @@
 #include <osmocom/core/utils.h>
 #include <osmocom/sim/class_tables.h>
 
-static const uint8_t iso7816_ins_tbl[] = {
+static const uint8_t iso7816_ins_tbl[256] = {
 	[0xB0]	= 2,	/* READ BIN */
 	[0xD0]	= 3,	/* WRITE BIN */
 	[0xD6]	= 3,	/* UPDATE BIN */

To view, visit change 35155. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I6739f469f6e84eed9aab403cc481ebff86df0181
Gerrit-Change-Number: 35155
Gerrit-PatchSet: 2
Gerrit-Owner: laforge <laforge@osmocom.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-MessageType: merged