author | Kévin Redon <kredon@sysmocom.de> | 2018-07-03 16:17:00 +0200 |
committer | King Kévin <kingkevin@cuvoodoo.info> | 2018-07-04 17:55:20 +0200 |
commit | c9bd71528979e0e44688761a47ec6ab9ff5c1f46 (patch) | |
tree | 3951619c06bf73981cd777d76f0ef6f223f5f6cc | |
parent | 35e8bdf8799c15381621d2ca39493156235afca0 (diff) |
sniffing: fix procedure byte handling and make TPDU parsing more strict
Change-Id: If991152f11c4b864ab1386f21dc13c335e6b281f
-rw-r--r-- | firmware/libcommon/source/sniffer.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/firmware/libcommon/source/sniffer.c b/firmware/libcommon/source/sniffer.c
index 2ad435c..1b6d5e7 100644
--- a/firmware/libcommon/source/sniffer.c
+++ b/firmware/libcommon/source/sniffer.c
@@ -176,7 +176,7 @@ enum tpdu_sniff_state tpdu_state;
 */
 uint8_t tpdu_packet[5+256+2];
 /*! Current index in TPDU packet */
-uint8_t tpdu_packet_i = 0;
+uint16_t tpdu_packet_i = 0;
 
 /*------------------------------------------------------------------------------
 * Internal functions
@@ -625,13 +625,19 @@ static void process_byte_tpdu(uint8_t byte)
 case TPDU_S_CLA:
 if (0xff==byte) {
 TRACE_WARNING("0xff is not a valid class byte\n\r");
- break;
+ change_state(ISO7816_S_WAIT_TPDU); /* go back to TPDU state */
+ return;
 }
 tpdu_packet_i = 0;
 tpdu_packet[tpdu_packet_i++] = byte;
 tpdu_state = TPDU_S_INS;
 break;
 case TPDU_S_INS:
+ if ((0x60==(byte&0xf0)) || (0x90==(byte&0xf0))) {
+ TRACE_WARNING("invalid CLA 0x%02x\n\r", byte);
+ change_state(ISO7816_S_WAIT_TPDU); /* go back to TPDU state */
+ return;
+ }
 tpdu_packet_i = 1;
 tpdu_packet[tpdu_packet_i++] = byte;
 tpdu_state = TPDU_S_P1;
@@ -667,6 +673,8 @@ static void process_byte_tpdu(uint8_t byte)
 tpdu_state = TPDU_S_SW2;
 } else {
 TRACE_WARNING("invalid SW1 0x%02x\n\r", byte);
+ change_state(ISO7816_S_WAIT_TPDU); /* go back to TPDU state */
+ return;
 }
 break;
 case TPDU_S_SW2:
@@ -679,11 +687,11 @@ static void process_byte_tpdu(uint8_t byte)
 tpdu_packet[tpdu_packet_i++] = byte;
 if (0==tpdu_packet[4]) {
 if (5+256<=tpdu_packet_i) {
- tpdu_state = TPDU_S_SW1;
+ tpdu_state = TPDU_S_PROCEDURE;
 }
 } else {
 if (5+tpdu_packet[4]<=tpdu_packet_i) {
- tpdu_state = TPDU_S_SW1;
+ tpdu_state = TPDU_S_PROCEDURE;
 }
 }
 if (TPDU_S_DATA_SINGLE==tpdu_state) { |
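Review bot: The warning added in the TPDU_S_INS case reports `invalid CLA`, but in that state `byte` is the instruction byte (the class byte was already consumed in TPDU_S_CLA just above), so the message mislabels the rejected field; `TRACE_WARNING("invalid INS 0x%02x\n\r", byte);` matches what the condition actually tests. The condition itself (rejecting 0x6X and 0x9X) is consistent with the INS values ISO 7816-3 reserves because they would collide with procedure bytes and SW1, so only the text needs changing. The new `change_state(ISO7816_S_WAIT_TPDU); return;` exits here and in the SW1 hunk leave `tpdu_state` at its current value (TPDU_S_INS or TPDU_S_SW1); unless change_state() resets it to TPDU_S_CLA, which is not visible in these hunks, the first byte after the restart would be parsed in the stale state, so that reset is worth confirming. process_byte_tpdu's body starts and ends outside the hunk.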