fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/simtrace2/+/28513 )


Change subject: host/cardem: fix integer overflow in process_do_rx_da()
......................................................................

host/cardem: fix integer overflow in process_do_rx_da()

osmo_apdu_segment_in() may return a negative number on receipt of
"unknown APDU case", and that would crash simtrace2-cardem-pcsc:

  msgb(0x55d2cf7aa8a0): Not enough tailroom msgb_put
    (allocated 920, head at 0, len 7, tailroom 1017 < want tailroom 65534)
  backtrace() returned 19 addresses

Change-Id: I9e97b955a28ec886a429d744f9316e7e71be4481
---
M host/src/simtrace2-cardem-pcsc.c
1 file changed, 1 insertion(+), 1 deletion(-)



  git pull ssh://gerrit.osmocom.org:29418/simtrace2 refs/changes/13/28513/1

diff --git a/host/src/simtrace2-cardem-pcsc.c b/host/src/simtrace2-cardem-pcsc.c
index 4820f36..096bc7b 100644
--- a/host/src/simtrace2-cardem-pcsc.c
+++ b/host/src/simtrace2-cardem-pcsc.c
@@ -168,7 +168,7 @@
        rc = osmo_apdu_segment_in(&ac, data->data, data->data_len,
                                  data->flags & CEMU_DATA_F_TPDU_HDR);

-       if (rc & APDU_ACT_TX_CAPDU_TO_CARD) {
+       if (rc > 0 & APDU_ACT_TX_CAPDU_TO_CARD) {
                struct msgb *tmsg = msgb_alloc(1024, "TPDU");
                struct osim_reader_hdl *rh = ci->chan->card->reader;
                uint8_t *cur;

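Review bot: the new condition at `+       if (rc > 0 & APDU_ACT_TX_CAPDU_TO_CARD) {` has an operator-precedence problem: in C, `>` binds tighter than `&`, so it parses as `(rc > 0) & APDU_ACT_TX_CAPDU_TO_CARD`, which bitwise-ANDs a 0/1 boolean with the flag mask instead of testing whether the flag is set in `rc`. Unless that flag happens to be bit 0, the branch is never taken and valid APDUs are no longer forwarded to the card; if it is bit 0, every positive `rc` enters the branch regardless of the other flags. The intent of the commit message (guard the flag test against a negative `rc`, whose sign bit would otherwise satisfy the mask and feed a huge length into `msgb_put`) is expressed by `if (rc > 0 && (rc & APDU_ACT_TX_CAPDU_TO_CARD)) {`. It would also be worth adding an explicit `if (rc < 0)` path before this check that logs the error and drops the message, so the "unknown APDU case" condition is reported rather than silently ignored.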
--
To view, visit https://gerrit.osmocom.org/c/simtrace2/+/28513

Gerrit-Project: simtrace2
Gerrit-Branch: master
Gerrit-Change-Id: I9e97b955a28ec886a429d744f9316e7e71be4481
Gerrit-Change-Number: 28513
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <[email protected]>
Gerrit-MessageType: newchange
