7816fsm: fail PPS on invalid first byte in PPS_S_WAIT_PPSX

Change-Id: I5b74b8443a98224c0c95a664a886066495d8b64a
---
M ccid_common/iso7816_fsm.c
1 file changed, 15 insertions(+), 1 deletion(-)


git pull ssh://gerrit.osmocom.org:29418/osmo-ccid-firmware refs/changes/80/42780/1

diff --git a/ccid_common/iso7816_fsm.c b/ccid_common/iso7816_fsm.c
index ffa895e..407c1fb 100644
--- a/ccid_common/iso7816_fsm.c
+++ b/ccid_common/iso7816_fsm.c
@@ -1076,8 +1076,22 @@
 		msgb_put_u8(atp->rx_cmd, byte);
 		switch (fi->state) {
 		case PPS_S_WAIT_PPSX:
-			if (byte == 0xff)
+			/* ISO 7816-3 §9.2: PPSS is fixed at 0xff. Any other
+			 * first byte is an erroneous PPS response and §9.1
+			 * requires deactivation. We must transition out of
+			 * WAIT_PPSX on every byte like every other PPS substate
+			 * so the unconditional msgb_put_u8 above stays
+			 * bounded by the spec's 6-byte maximum. */
+			if (byte == 0xff) {
 				osmo_fsm_inst_state_chg(fi, PPS_S_WAIT_PPS0, 0, 0);
+			} else {
+				LOGPFSML(fi, LOGL_ERROR,
+					 "Invalid PPSS=0x%02x (expected 0xff); failing PPS\n",
+					 byte);
+				osmo_fsm_inst_state_chg(fi, PPS_S_DONE, 0, 0);
+				osmo_fsm_inst_dispatch(fi->proc.parent,
+						       ISO7816_E_PPS_FAILED_IND, atp->tx_cmd);
+			}
 			break;
 		case PPS_S_WAIT_PPS0:
 			atp->pps0_recv = byte;

