catarrh/simtrace2
1
0
Fork 0
mirror of https://gitea.osmocom.org/sim-card/simtrace2.git synced 2026-03-17 05:38:33 +03:00
Code Issues Packages Projects Releases Wiki Activity

card_emu: Fix the length checks for transmit beyond rctx->tot_len

Browse Source
This commit is contained in:
Harald Welte
2016-02-24 22:18:46 +01:00
parent 22cdf2af59
commit f16b618755
1 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
firmware/src_simtrace/card_emu.c
View File

@@ -582,9 +582,21 @@ static int tx_byte_tpdu(struct card_handle *ch)
card_emu_uart_tx(ch->uart_chan, byte);
/* this must happen _after_ the byte has been transmittd */
switch (ch->tpdu.state) {
case TPDU_S_WAIT_PB:
/* if we just transmitted the procedure byte, we need to decide
* if we want to continue to receive or transmit */
if (td->flags & CEMU_DATA_F_PB_AND_TX)
set_tpdu_state(ch, TPDU_S_WAIT_TX);
else if (td->flags & CEMU_DATA_F_PB_AND_RX)
set_tpdu_state(ch, TPDU_S_WAIT_RX);
break;
}
/* check if the buffer has now been fully transmitted */
if ((rctx->idx >= td->hdr.data_len) ||
(rctx->idx + sizeof(*td) - sizeof(td->hdr) >= rctx->tot_len)) {
(td->data + rctx->idx >= rctx->data + rctx->tot_len)) {
if (td->flags & CEMU_DATA_F_PB_AND_RX) {
/* we have just sent the procedure byte and now
* need to continue receiving */
@@ -605,16 +617,6 @@ static int tx_byte_tpdu(struct card_handle *ch)
ch->uart_tx_ctx = NULL;
}
/* this must happen _after_ the byte has been transmittd */
switch (ch->tpdu.state) {
case TPDU_S_WAIT_PB:
if (td->flags & CEMU_DATA_F_PB_AND_TX)
set_tpdu_state(ch, TPDU_S_WAIT_TX);
else if (td->flags & CEMU_DATA_F_PB_AND_RX)
set_tpdu_state(ch, TPDU_S_WAIT_RX);
break;
}
return 1;
}