The initial SimAuth implementation incorrectly parsed the AUTS value as 16 bytes, not 14. --- src/sim-auth.c | 2 +- src/simutil.c | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/sim-auth.c b/src/sim-auth.c index 9ae5574..c0b2422 100644 --- a/src/sim-auth.c +++ b/src/sim-auth.c @@ -272,7 +272,7 @@ static void handle_umts(struct ofono_sim_auth *sim, const uint8_t *resp, "{say}", &dict); if (auts) { - append_dict_byte_array(&dict, "AUTS", auts, 16); + append_dict_byte_array(&dict, "AUTS", auts, 14); } else { append_dict_byte_array(&dict, "RES", res, 8); append_dict_byte_array(&dict, "CK", ck, 16); diff --git a/src/simutil.c b/src/simutil.c index 8fbde15..2f49500 100644 --- a/src/simutil.c +++ b/src/simutil.c @@ -1657,7 +1657,7 @@ gboolean sim_parse_umts_authenticate(const unsigned char *buffer, const unsigned char **ik, const unsigned char **auts, const unsigned char **kc) { - if (len < 18 || !buffer) + if (len < 16 || !buffer) return FALSE; switch (buffer[0]) { @@ -1695,16 +1695,17 @@ gboolean sim_parse_umts_authenticate(const unsigned char *buffer, break; case 0xdc: - /* 'DB' + '10' + AUTS(16) = 18 */ - if (len < 18) + /* 'DC' + '0E' + AUTS(14) = 16 */ + if (len < 16) goto umts_end; /* sync error */ - if (buffer[1] != 0x10) + if (buffer[1] != 0x0e) goto umts_end; *auts = buffer + 2; + break; default: goto umts_end; -- 2.7.4