From c2aed7900c1a799dfe00ee8387940f0c26d9000d Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod
Date: Sun, 4 Dec 2022 21:31:06 +0100
Subject: [PATCH] Temporary fix buffer overflow until new SIM firmware is released
---
 armsrc/i2c.c | 25 ++++++++++++++-----------
 armsrc/i2c.h | 6 +++---
 2 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/armsrc/i2c.c b/armsrc/i2c.c
index 12d7c9cd2..b79f8bb0e 100644
--- a/armsrc/i2c.c
+++ b/armsrc/i2c.c
@@ -53,7 +53,7 @@ static void __attribute__((optimize("O0"))) I2CSpinDelayClk(uint16_t delay) {
 #define I2C_DELAY_2CLK I2CSpinDelayClk(2)
 #define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x))
-#define ISO7618_MAX_FRAME 255
+#define ISO7618_MAX_FRAME 260
 // try i2c bus recovery at 100kHz = 5us high, 5us low
 void I2C_recovery(void) {
@@ -395,8 +395,8 @@ bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address) {
 }
 //Sends array of data (Array, length, command to be written , SlaveDevice address ).
-// len = uint8 (max buffer to write 256bytes)
-bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) {
+// len = uint16 because we need to write up to 256 bytes
+bool I2C_BufferWrite(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address) {
 bool bBreak = true;
 do {
 if (!I2C_Start())
@@ -433,8 +433,8 @@ bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t dev
 }
 // read one array of data (Data array, Readout length, command to be written , SlaveDevice address ).
-// len = uint8 (max buffer to read 256bytes)
-int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) {
+// len = uint16 because we need to read up to 256bytes
+int16_t I2C_BufferRead(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address) {
 if (!data || len == 0)
 return 0;
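Review bot: The new value of `ISO7618_MAX_FRAME` has no comment saying how 260 is derived, and after this commit it is the only visible bound on the response buffer that `SmartCardRaw` allocates with `BigBuf_malloc(ISO7618_MAX_FRAME)` (last hunk of this file). I would add the derivation beside the define, along the lines of `// largest frame the SIM module may return: <payload> + <overhead> bytes`, with the real figures filled in by someone who knows the module. Because the subject calls this a temporary fix, a `// TODO: revisit once the new SIM firmware is released` on the same line would keep the workaround from becoming permanent.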
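Review bot: Widening `len` to `uint16_t` in `I2C_BufferRead` (and in `I2C_BufferWrite` one hunk earlier) lets a caller request up to 65535 bytes, while the new comments still describe a 256-byte limit and the read path still returns `int16_t`. The only guard visible here is `if (!data || len == 0)`, so nothing in these lines rejects a length larger than the destination can hold. An explicit upper bound next to that guard, such as `if (len > ISO7618_MAX_FRAME) return 0;`, would stop the wider type from becoming a wider write. Both function bodies continue outside the hunks, so the existing loops may already limit this and that should be confirmed.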
@@ -631,7 +631,7 @@ int I2C_get_version(uint8_t *maj, uint8_t *min) {
 }
 // Will read response from smart card module, retries 3 times to get the data.
-bool sc_rx_bytes(uint8_t *dest, uint8_t *destlen) {
+bool sc_rx_bytes(uint8_t *dest, uint16_t *destlen) {
 uint8_t i = 5;
 int16_t len = 0;
@@ -656,7 +656,7 @@ bool sc_rx_bytes(uint8_t *dest, uint8_t *destlen) {
 if (len <= 1)
 return false;
- *destlen = (uint8_t)len & 0xFF;
+ *destlen = len;
 return true;
 }
@@ -678,7 +678,10 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) {
 return false;
 // read bytes from module
- uint8_t len = sizeof(card_ptr->atr);
+ uint16_t len = sizeof(card_ptr->atr);
+ if (len > sizeof(card_ptr->atr)) {
+ len = sizeof(card_ptr->atr);
+ }
 if (sc_rx_bytes(card_ptr->atr, &len) == false)
 return false;
@@ -697,7 +700,7 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) {
 uint8_t chksum = 0;
 // xor property. will be zero when xored with chksum.
- for (uint8_t i = 1; i < len; ++i)
+ for (uint16_t i = 1; i < len; ++i)
 chksum ^= card_ptr->atr[i];
 if (chksum) {
@@ -706,7 +709,7 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) {
 }
 }
- card_ptr->atr_len = len;
+ card_ptr->atr_len = (uint8_t) (len & 0xff);
 if (verbose) {
 LogTrace(card_ptr->atr, card_ptr->atr_len, 0, 0, NULL, false);
 }
@@ -732,7 +735,7 @@ void SmartCardAtr(void) {
 void SmartCardRaw(smart_card_raw_t *p) {
 LED_D_ON();
- uint8_t len = 0;
+ uint16_t len = 0;
 uint8_t *resp = BigBuf_malloc(ISO7618_MAX_FRAME); // check if alloacted...
 smartcard_command_t flags = p->flags;
diff --git a/armsrc/i2c.h b/armsrc/i2c.h
index c1b6ada03..2ce051bd7 100644
--- a/armsrc/i2c.h
+++ b/armsrc/i2c.h
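Review bot: `sc_rx_bytes` in armsrc/i2c.c does not say whether `destlen` is read as the capacity of `dest` or only written, and the two callers touched by this patch initialise it differently: `GetATR` seeds `len` with `sizeof(card_ptr->atr)`, while `SmartCardRaw` declares `uint16_t len = 0` (its call is outside the hunk). For a change aimed at a buffer overflow that contract is the part a maintainer most needs, so I would extend the comment above the function, e.g. `// destlen: in = capacity of dest in bytes, out = bytes stored; never stores more than the capacity`. The body between this hunk and the next is not shown, so which caller matches the current behaviour still has to be checked.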
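Review bot: In `GetATR` (armsrc/i2c.c) the added clamp `if (len > sizeof(card_ptr->atr))` can never fire, because `len` was assigned `sizeof(card_ptr->atr)` on the line before it. `sc_rx_bytes` now stores the full received count through `destlen` (`*destlen = len;` in the earlier hunk), so the value that needs checking is the one that comes back from the call: move the test below the `sc_rx_bytes` call and fail closed with `if (len > sizeof(card_ptr->atr)) return false;`. Without it the widened checksum loop `for (uint16_t i = 1; i < len; ++i)` indexes `card_ptr->atr` with an unchecked length, and `card_ptr->atr_len = (uint8_t) (len & 0xff);` silently wraps a count of 256 to 0. A check after the call detects an oversized response but cannot undo a write past the buffer, so the read inside `sc_rx_bytes` still has to be limited to the capacity passed in; that code is outside these hunks.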
@@ -41,14 +41,14 @@ void I2C_Reset_EnterBootloader(void);
 bool I2C_WriteCmd(uint8_t device_cmd, uint8_t device_address);
 bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address);
-bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address);
-int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address);
+bool I2C_BufferWrite(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address);
+int16_t I2C_BufferRead(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address);
 // for firmware
 int16_t I2C_ReadFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address);
 bool I2C_WriteFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address);
-bool sc_rx_bytes(uint8_t *dest, uint8_t *destlen);
+bool sc_rx_bytes(uint8_t *dest, uint16_t *destlen);
 // bool GetATR(smart_card_atr_t *card_ptr, bool verbose);
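Review bot: Changing the `sc_rx_bytes` prototype to `uint16_t *destlen` means any caller that still passes the address of a `uint8_t` will have two bytes written into a one-byte object, and many C toolchains report that mismatch only as a warning. The diffstat lists only armsrc/i2c.c and armsrc/i2c.h, so callers in other files, if any exist, are not updated by this commit; searching the tree for `sc_rx_bytes(`, `I2C_BufferRead(` and `I2C_BufferWrite(` before merging would settle it. `I2C_ReadFW` and `I2C_WriteFW` keep `uint8_t len` in the unchanged lines of this hunk, and if that difference is deliberate a short comment above them saying so would help.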