From e44a9cc5604eac3f83e355c7d8882e879b230c7e Mon Sep 17 00:00:00 2001
From: Belgin ?tirbu
Date: Fri, 3 Jan 2020 06:50:40 +0000
Subject: Fixed incorrect parsing of TLV data

This problem prevented the SIM to be fully recognized and only incoming calls/messages worked. The issue is the code assumes tag 0x88 exists, and then assumes that the TLV right before it is the size tag. These two assumptions are sometimes wrong. The solution is to send the data as-is to the java RIL because it can also parse TLVs.
Signed-off-by: Belgin Stirbu
Acked-by: Denis 'GNUtoo' Carikli
---
 sim.c | 82 +------------------------------------------------------------------
 1 file changed, 1 insertion(+), 81 deletions(-)

diff --git a/sim.c b/sim.c
index c503b27..8b89eef 100644
--- a/sim.c
+++ b/sim.c
@@ -911,8 +911,6 @@ complete:
 int ipc_sec_rsim_access(struct ipc_message *message)
 {
 struct ipc_sec_rsim_access_response_header *header;
- struct ipc_sec_rsim_access_usim_response_header *usim_header;
- struct sim_file_response sim_file_response;
 struct ril_request *request;
 struct ril_client *client;
 struct ipc_fmt_data *ipc_fmt_data;
@@ -922,9 +920,6 @@ int ipc_sec_rsim_access(struct ipc_message *message)
 #else
 RIL_SIM_IO *sim_io;
 #endif
- unsigned char *p;
- unsigned int offset;
- unsigned int i;
 void *data;
 size_t size;
 
@@ -966,86 +961,11 @@ int ipc_sec_rsim_access(struct ipc_message *message)
 switch (sim_io->command) {
 case SIM_COMMAND_READ_BINARY:
 case SIM_COMMAND_READ_RECORD:
- if (header->length == 0)
- break;
-
- response.simResponse = data2string(data, header->length);
- break;
 case SIM_COMMAND_GET_RESPONSE:
 if (header->length == 0)
 break;
 
- if (ipc_fmt_data->sim_icc_type_data.type == 0x01) {
- response.simResponse = data2string(data, header->length);
- break;
- }
-
- if (header->length < sizeof(struct ipc_sec_rsim_access_usim_response_header))
- break;
-
- usim_header = (struct ipc_sec_rsim_access_usim_response_header *) data;
-
- memset(&sim_file_response, 0, sizeof(sim_file_response));
-
- offset = sizeof(struct ipc_sec_rsim_access_usim_response_header) + usim_header->offset;
- if (offset > header->length)
- break;
-
- offset = usim_header->offset - 2;
- p = (unsigned char *) usim_header + offset;
-
- sim_file_response.file_id[0] = p[0];
- sim_file_response.file_id[1] = p[1];
-
- offset = header->length - 2;
- p = (unsigned char *) usim_header;
-
- while (offset > 2) {
- if (p[offset] == 0x88) {
- offset -= 2;
- break;
- }
-
- offset--;
- }
-
- if (offset <= 2)
- break;
-
- p = (unsigned char *) usim_header + offset;
-
- sim_file_response.file_size[0] = p[0];
- sim_file_response.file_size[1] = p[1];
-
- // Fallback to EF
- sim_file_response.file_type = SIM_FILE_TYPE_EF;
- for (i = 0; i < sim_file_ids_count; i++) {
- if (sim_io->fileid == sim_file_ids[i].file_id) {
- sim_file_response.file_type = sim_file_ids[i].type;
- break;
- }
- }
-
- sim_file_response.access_condition[0] = 0x00;
- sim_file_response.access_condition[1] = 0xff;
- sim_file_response.access_condition[2] = 0xff;
-
- sim_file_response.file_status = 0x01;
- sim_file_response.file_length = 0x02;
-
- switch (usim_header->file_structure) {
- case IPC_SEC_RSIM_FILE_STRUCTURE_TRANSPARENT:
- sim_file_response.file_structure = SIM_FILE_STRUCTURE_TRANSPARENT;
- break;
- case IPC_SEC_RSIM_FILE_STRUCTURE_LINEAR_FIXED:
- default:
- sim_file_response.file_structure = SIM_FILE_STRUCTURE_LINEAR_FIXED;
- break;
- }
-
- sim_file_response.record_length = usim_header->length;
-
- response.simResponse = data2string((void *) &sim_file_response, sizeof(sim_file_response));
+ response.simResponse = data2string(data, header->length);
 break;
 case SIM_COMMAND_UPDATE_BINARY:
 case SIM_COMMAND_UPDATE_RECORD:
-- 
cgit v1.2.3
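Review bot: The added `response.simResponse = data2string(data, header->length);` now covers READ_BINARY, READ_RECORD and GET_RESPONSE, but the only guard left on the new side is `if (header->length == 0)`; `header->length` is a count supplied by the modem, and nothing in this hunk compares it with the bytes actually present after the header, so a short message would make data2string() read past the payload. The `size` variable declared in the second hunk looks like the payload length, but whether it is checked against `header->length` before the switch is outside this hunk; if it is not, the guard should read `if (header->length == 0 || header->length > size) break;`. The removed `header->length < sizeof(...)` lower-bound check no longer applies, so no check on the upper bound remains here. Since the reason for the pass-through now lives only in the commit message, a one-line comment above the added line, e.g. `/* Forward the raw response unparsed; the Java RIL decodes the TLV itself */`, would keep it from being "fixed" back into local parsing. ipc_sec_rsim_access() begins and ends outside this hunk.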