This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
laforge gerrit-no-reply at lists.osmocom.orglaforge has submitted this change. ( https://gerrit.osmocom.org/c/osmo-ccid-firmware/+/20689 ) Change subject: ccid xfers: return proper error to host instead of asserting ...................................................................... ccid xfers: return proper error to host instead of asserting This could have led to hangs when trying T=1 data blobs where the length field is not the T=0 length field and is therefore misinterpreted. Closes: OS#4805 Change-Id: Iacdf60e4401f8e287f60ea148b0944d0a3de491d --- M ccid_common/ccid_slot_fsm.c 1 file changed, 5 insertions(+), 2 deletions(-) Approvals: laforge: Looks good to me, approved Jenkins Builder: Verified diff --git a/ccid_common/ccid_slot_fsm.c b/ccid_common/ccid_slot_fsm.c index 23577eb..2338919 100644 --- a/ccid_common/ccid_slot_fsm.c +++ b/ccid_common/ccid_slot_fsm.c @@ -294,8 +294,11 @@ ss->seq = xfb->hdr.bSeq; /* must be '0' for TPDU level exchanges or for short APDU */ - OSMO_ASSERT(xfb->wLevelParameter == 0x0000); - OSMO_ASSERT(msgb_length(msg) > xfb->hdr.dwLength); + if (xfb->wLevelParameter != 0x0000) + return -8; + + if (msgb_length(msg) != xfb->hdr.dwLength) + return -1; msgb_pull(msg, 10); -- To view, visit https://gerrit.osmocom.org/c/osmo-ccid-firmware/+/20689 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ccid-firmware Gerrit-Branch: master Gerrit-Change-Id: Iacdf60e4401f8e287f60ea148b0944d0a3de491d Gerrit-Change-Number: 20689 Gerrit-PatchSet: 4 Gerrit-Owner: Hoernchen <ewild at sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <laforge at osmocom.org> Gerrit-MessageType: merged -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20201018/680763fc/attachment.htm>