[Replicant] [PATCH] Fixed incorrect parsing of TLV data

Belgin ?tirbu belginstirbu at hotmail.com
Fri Jan 3 06:50:40 UTC 2020


This problem prevented the SIM from being fully recognized; only incoming calls/messages worked.

The issue is the code assumes tag 0x88 exists, and then assumes that the TLV right before it is the size tag.
These two assumptions are sometimes wrong.
The solution is to send the data as-is to the java RIL because it can also parse TLVs.

Signed-off-by: Belgin Stirbu <belginstirbu at hotmail.com>
---
 sim.c | 82 +------------------------------------------------------------------
 1 file changed, 1 insertion(+), 81 deletions(-)

diff --git a/sim.c b/sim.c
index c503b27..8b89eef 100644
--- a/sim.c
+++ b/sim.c
@@ -911,8 +911,6 @@ complete:
 int ipc_sec_rsim_access(struct ipc_message *message)
 {
 	struct ipc_sec_rsim_access_response_header *header;
-	struct ipc_sec_rsim_access_usim_response_header *usim_header;
-	struct sim_file_response sim_file_response;
 	struct ril_request *request;
 	struct ril_client *client;
 	struct ipc_fmt_data *ipc_fmt_data;
@@ -922,9 +920,6 @@ int ipc_sec_rsim_access(struct ipc_message *message)
 #else
 	RIL_SIM_IO *sim_io;
 #endif
-	unsigned char *p;
-	unsigned int offset;
-	unsigned int i;
 	void *data;
 	size_t size;
 
@@ -966,86 +961,11 @@ int ipc_sec_rsim_access(struct ipc_message *message)
 	switch (sim_io->command) {
 		case SIM_COMMAND_READ_BINARY:
 		case SIM_COMMAND_READ_RECORD:
-			if (header->length == 0)
-				break;
-
-			response.simResponse = data2string(data, header->length);
-			break;
 		case SIM_COMMAND_GET_RESPONSE:
 			if (header->length == 0)
 				break;
 
-			if (ipc_fmt_data->sim_icc_type_data.type == 0x01) {
-				response.simResponse = data2string(data, header->length);
-				break;
-			}
-
-			if (header->length < sizeof(struct ipc_sec_rsim_access_usim_response_header))
-				break;
-
-			usim_header = (struct ipc_sec_rsim_access_usim_response_header *) data;
-
-			memset(&sim_file_response, 0, sizeof(sim_file_response));
-
-			offset = sizeof(struct ipc_sec_rsim_access_usim_response_header) + usim_header->offset;
-			if (offset > header->length)
-				break;
-
-			offset = usim_header->offset - 2;
-			p = (unsigned char *) usim_header + offset;
-
-			sim_file_response.file_id[0] = p[0];
-			sim_file_response.file_id[1] = p[1];
-
-			offset = header->length - 2;
-			p = (unsigned char *) usim_header;
-
-			while (offset > 2) {
-				if (p[offset] == 0x88) {
-					offset -= 2;
-					break;
-				}
-
-				offset--;
-			}
-
-			if (offset <= 2)
-				break;
-
-			p = (unsigned char *) usim_header + offset;
-
-			sim_file_response.file_size[0] = p[0];
-			sim_file_response.file_size[1] = p[1];
-
-			// Fallback to EF
-			sim_file_response.file_type = SIM_FILE_TYPE_EF;
-			for (i = 0; i < sim_file_ids_count; i++) {
-				if (sim_io->fileid == sim_file_ids[i].file_id) {
-					sim_file_response.file_type = sim_file_ids[i].type;
-					break;
-				}
-			}
-
-			sim_file_response.access_condition[0] = 0x00;
-			sim_file_response.access_condition[1] = 0xff;
-			sim_file_response.access_condition[2] = 0xff;
-
-			sim_file_response.file_status = 0x01;
-			sim_file_response.file_length = 0x02;
-
-			switch (usim_header->file_structure) {
-				case IPC_SEC_RSIM_FILE_STRUCTURE_TRANSPARENT:
-					sim_file_response.file_structure = SIM_FILE_STRUCTURE_TRANSPARENT;
-					break;
-				case IPC_SEC_RSIM_FILE_STRUCTURE_LINEAR_FIXED:
-				default:
-					sim_file_response.file_structure = SIM_FILE_STRUCTURE_LINEAR_FIXED;
-					break;
-			}
-
-			sim_file_response.record_length = usim_header->length;
-
-			response.simResponse = data2string((void *) &sim_file_response, sizeof(sim_file_response));
+			response.simResponse = data2string(data, header->length);
 			break;
 		case SIM_COMMAND_UPDATE_BINARY:
 		case SIM_COMMAND_UPDATE_RECORD:
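Review bot: With their bodies deleted, the `SIM_COMMAND_READ_BINARY` and `SIM_COMMAND_READ_RECORD` labels now fall through into `SIM_COMMAND_GET_RESPONSE` with no marker; the result is the same `header->length == 0` guard followed by `data2string(data, header->length)`, but an unmarked fallthrough reads as accidental and trips `-Wimplicit-fallthrough`, so add `/* fallthrough: raw pass-through, same as GET_RESPONSE */` after the `case SIM_COMMAND_READ_RECORD:` label. The removed block also held the only explicit length checks visible in this hunk (`header->length < sizeof(struct ipc_sec_rsim_access_usim_response_header)` and `offset > header->length`); whether `header->length` is validated against the real size of `message` before `data2string` reads that many bytes from `data` cannot be seen here, since that part of ipc_sec_rsim_access lies before the hunk, and it is worth confirming now that the modem-supplied length is passed straight through for all three commands. ipc_sec_rsim_access starts in the first hunk of this patch and ends after this one.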
-- 
2.11.0


