laforge has submitted this change. ( https://gerrit.osmocom.org/c/osmo-ccid-firmware/+/42193?usp=email )
Change subject: ccid_slot_fsm.c: Reject T=0 TPDU > 260 bytes
ccid_slot_fsm.c: Reject T=0 TPDU > 260 bytes
The CCID v1.1 ch 6.1.4 specification states a T=0 TPDU must not exceed 260 bytes, so let's properly handle this error case.
Change-Id: Iceb0013adf448fe56c909fd8ccf14a021d8b7331
---
M ccid_common/ccid_slot_fsm.c
1 file changed, 5 insertions(+), 0 deletions(-)

Approvals:
  laforge: Looks good to me, approved
  Jenkins Builder: Verified
diff --git a/ccid_common/ccid_slot_fsm.c b/ccid_common/ccid_slot_fsm.c index c34ad72..05024c9 100644 --- a/ccid_common/ccid_slot_fsm.c +++ b/ccid_common/ccid_slot_fsm.c @@ -359,6 +359,11 @@ if (msgb_length(msg) != xfb->hdr.dwLength + 10) return -1;
+ /* CCID spec v1.1 Section 6.1.4 states: + * "the absolute maximum block size for a TPDU T=0 block is 260 * bytes" */ + if (xfb->hdr.dwLength > 260) + return -1; + /* might be unpowered after failed ppss that led to reset */ if (cs->icc_powered != true) return -0;
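Review bot: the added `if (xfb->hdr.dwLength > 260)` test applies the limit to every message that reaches this point, while the comment and the commit subject state it only for a T=0 TPDU. Nothing in the visible lines restricts this path to T=0. If the function can also be reached with another protocol or exchange level active on the slot, gate the check on that condition. Otherwise, extend the comment to say this path is T=0 only, so the limit is not later read as a general one. The new branch also returns the same -1 as the `msgb_length(msg) != xfb->hdr.dwLength + 10` check just above it, so the caller cannot tell an oversized block from a length mismatch. A distinct return value or a log line would make the rejection visible when debugging a reader. The literal 260 would read better as a named constant next to the spec reference.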