laforge has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-remsim/+/42230?usp=email )
Change subject: remsim-client: Don't attempt to pass on TPDU length < 5
......................................................................
remsim-client: Don't attempt to pass on TPDU length < 5
TPDUs with length < 5 bytes are illegal in T=0. It doesn't make sense to send them to bankd, triggering bugs in either bankd, pcsc-lite or the CCID firmware down the road. Let's filter them right where they might originate.
Change-Id: I175eb4622d0e69dbc6aca2cddfe091a78f225da5
---
M src/client/main_fsm.c
1 file changed, 5 insertions(+), 0 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-remsim refs/changes/30/42230/1
diff --git a/src/client/main_fsm.c b/src/client/main_fsm.c index dcdd239..c4c3237 100644 --- a/src/client/main_fsm.c +++ b/src/client/main_fsm.c @@ -336,6 +336,11 @@ case MF_E_MDM_TPDU: tpdu = data; OSMO_ASSERT(tpdu); + if (tpdu->len < 5) { + LOGPFSML(fi, LOGL_ERROR, "Modem submitted illegal TPDU length %u (%s), dropping\n", tpdu->len, + osmo_hexdump_nospc(tpdu->buf, tpdu->len)); + return; + } LOGPFSML(fi, LOGL_INFO, "Tx tpduModemToCard (%s)\n", osmo_hexdump_nospc(tpdu->buf, tpdu->len)); /* forward to bankd */ bank_slot2rspro(&bslot, &bc->bankd_slot);
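Review bot: The new `if (tpdu->len < 5)` branch in the MF_E_MDM_TPDU case logs and then does a bare `return;`, so as far as this hunk shows the modem side that submitted the TPDU gets no indication that it was dropped and will only notice by timing out. Please confirm that this is the intended behaviour, and that leaving the function with `return` here skips nothing after the switch that still has to run for this event (for example, releasing `tpdu` if the handler owns it). If silent dropping is intended, a short comment saying so would help the next reader. Separately, the literal 5 is the size of the T=0 command header (CLA, INS, P1, P2, P3); a named constant or a one-line comment at the check would make the reason for the bound visible in the code and not only in the commit message. Since this log line is reachable from whatever the modem submits, it is also worth considering whether LOGL_ERROR on every short TPDU could flood the log if a misbehaving modem repeats it; LOGL_NOTICE or rate limiting would be an option.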