laforge submitted this change.

View Change

Approvals: Jenkins Builder: Verified lynxis lazus: Looks good to me, approved 
remsim-bankd: Don't pass on illegal TPDUs of illegal length

TPDUs with length < 5 bytes or > 260 bytes are illegal in T=0.  It
doesn't make sense to send them to pcsc-lite, triggering bugs in either
pcsc-lite or the CCID firmware down the road.  Let's filter them.

Change-Id: I5c9f1143b85470234acd2e2ffe3e0cf72bd2ae43
---
M src/bankd/bankd_main.c
1 file changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/bankd/bankd_main.c b/src/bankd/bankd_main.c
index 6e47376..1adc34c 100644
--- a/src/bankd/bankd_main.c
+++ b/src/bankd/bankd_main.c
@@ -820,6 +820,12 @@
 		return -106;
 	}
 
+	if (mdm2sim->data.size < 5 || mdm2sim->data.size > 260) {
+		LOGW(worker, "Illegal TPDU length %u octets, not passing to driver/reader\n",
+		     mdm2sim->data.size);
+		return -107;
+	}
+
 	rc = worker->ops->transceive(worker, mdm2sim->data.buf, mdm2sim->data.size,
 				     rx_buf, &rx_buf_len);
 	if (rc < 0)

To view, visit change 42231. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: merged
Gerrit-Project: osmo-remsim
Gerrit-Branch: master
Gerrit-Change-Id: I5c9f1143b85470234acd2e2ffe3e0cf72bd2ae43
Gerrit-Change-Number: 42231
Gerrit-PatchSet: 3
Gerrit-Owner: laforge <laforge@osmocom.org>
Gerrit-Reviewer: Hoernchen <ewild@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: lynxis lazus <lynxis@fe80.eu>