laforge has submitted this change. (
https://gerrit.osmocom.org/c/libosmocore/+/35155?usp=email )
Change subject: sim/class_tables: Prevent out-of-bounds access
......................................................................
sim/class_tables: Prevent out-of-bounds access
The INS tables always must be declared with 256 elements, even
if they only use some of them. We never know which random INS
code might be used to index them.
This was not discovered until now as the only known user of those
tables is always using the SIM/UICC/USIM table and not the plain
ISO7816 table.
Change-Id: I6739f469f6e84eed9aab403cc481ebff86df0181
---
M src/sim/class_tables.c
1 file changed, 18 insertions(+), 1 deletion(-)
Approvals:
laforge: Looks good to me, approved; Verified
diff --git a/src/sim/class_tables.c b/src/sim/class_tables.c
index 724c077..6d05ede 100644
--- a/src/sim/class_tables.c
+++ b/src/sim/class_tables.c
@@ -19,7 +19,7 @@
#include <osmocom/core/utils.h>
#include <osmocom/sim/class_tables.h>
-static const uint8_t iso7816_ins_tbl[] = {
+static const uint8_t iso7816_ins_tbl[256] = {
[0xB0] = 2, /* READ BIN */
[0xD0] = 3, /* WRITE BIN */
[0xD6] = 3, /* UPDATE BIN */
--
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/35155?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I6739f469f6e84eed9aab403cc481ebff86df0181
Gerrit-Change-Number: 35155
Gerrit-PatchSet: 2
Gerrit-Owner: laforge <lafo...@osmocom.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <lafo...@osmocom.org>
Gerrit-MessageType: merged
