Change in simtrace2[master]: sniffing: fix procedure byte handling and make TPDU parsing for strict

[Kévin Redon]

Kévin Redon has uploaded this change for review. ( https://gerrit.osmocom.org/9880


Change subject: sniffing: fix procedure byte handling and make TPDU parsing for strict
......................................................................

sniffing: fix procedure byte handling and make TPDU parsing for strict

Change-Id: If991152f11c4b864ab1386f21dc13c335e6b281f
---
M firmware/libcommon/source/sniffer.c
1 file changed, 12 insertions(+), 4 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/simtrace2 refs/changes/80/9880/1

diff --git a/firmware/libcommon/source/sniffer.c b/firmware/libcommon/source/sniffer.c
index c14a176..3719796 100644
--- a/firmware/libcommon/source/sniffer.c
+++ b/firmware/libcommon/source/sniffer.c
@@ -176,7 +176,7 @@
  */
 uint8_t tpdu_packet[5+256+2];
 /*! Current index in TPDU packet */
-uint8_t tpdu_packet_i = 0;
+uint16_t tpdu_packet_i = 0;
 
 /*------------------------------------------------------------------------------
  *         Internal functions
@@ -625,13 +625,19 @@
 	case TPDU_S_CLA:
 		if (0xff==byte) {
 			TRACE_WARNING("0xff is not a valid class byte\n\r");
-			break;
+			change_state(ISO7816_S_WAIT_TPDU); /* go back to TPDU state */
+			return;
 		}
 		tpdu_packet_i = 0;
 		tpdu_packet[tpdu_packet_i++] = byte;
 		tpdu_state = TPDU_S_INS;
 		break;
 	case TPDU_S_INS:
+		if ((0x60==(byte&0xf0)) || (0x90==(byte&0xf0))) {
+			TRACE_WARNING("invalid CLA 0x%02x\n\r", byte);
+			change_state(ISO7816_S_WAIT_TPDU); /* go back to TPDU state */
+			return;
+		}
 		tpdu_packet_i = 1;
 		tpdu_packet[tpdu_packet_i++] = byte;
 		tpdu_state = TPDU_S_P1;
@@ -667,6 +673,8 @@
 			tpdu_state = TPDU_S_SW2;
 		} else {
 			TRACE_WARNING("invalid SW1 0x%02x\n\r", byte);
+			change_state(ISO7816_S_WAIT_TPDU); /* go back to TPDU state */
+			return;
 		}
 		break;
 	case TPDU_S_SW2:
@@ -679,11 +687,11 @@
 		tpdu_packet[tpdu_packet_i++] = byte;
 		if (0==tpdu_packet[4]) {
 			if (5+256<=tpdu_packet_i) {
-				tpdu_state = TPDU_S_SW1;
+				tpdu_state = TPDU_S_PROCEDURE;
 			}
 		} else {
 			if (5+tpdu_packet[4]<=tpdu_packet_i) {
-				tpdu_state = TPDU_S_SW1;
+				tpdu_state = TPDU_S_PROCEDURE;
 			}
 		}
 		if (TPDU_S_DATA_SINGLE==tpdu_state) {

-- 
To view, visit https://gerrit.osmocom.org/9880
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: simtrace2
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: If991152f11c4b864ab1386f21dc13c335e6b281f
Gerrit-Change-Number: 9880
Gerrit-PatchSet: 1
Gerrit-Owner: Kévin Redon <kredon at sysmocom.de>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20180704/4b4af42e/attachment.htm>