From 465ec2104bc0e2fbf700f3535d1ace9cacd369b1 Mon Sep 17 00:00:00 2001
From: Pavol Rusnak
Date: Fri, 6 Jun 2014 02:45:15 +0200
Subject: [PATCH] throw UnexpectedMessage failure on unknown messages
---
 firmware/Makefile | 1 -
 firmware/fsm.c | 3 ++-
 firmware/messages.c | 8 +++++---
 firmware/protect.c | 14 +++++++++++---
 4 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/firmware/Makefile b/firmware/Makefile
index ccd2d9ccc5..600cfdfe4c 100644
--- a/firmware/Makefile
+++ b/firmware/Makefile
@@ -45,4 +45,3 @@ CFLAGS += -Iprotob -DPB_FIELD_16BIT=1
 CFLAGS += -DDEBUG_LINK=0
 CFLAGS += -DDEBUG_LOG=0
 CFLAGS += -DSCM_REVISION='"$(shell git rev-parse HEAD | sed 's:\(..\):\\x\1:g')"'
-CFLAGS += -DSCM_REVISION_LEN=20
diff --git a/firmware/fsm.c b/firmware/fsm.c
index 834bdbb3a8..dc3ceeef3d 100644
--- a/firmware/fsm.c
+++ b/firmware/fsm.c
@@ -111,7 +111,8 @@ void fsm_msgInitialize(Initialize *msg)
 resp->has_pin_protection = true; resp->pin_protection = storage.has_pin;
 resp->has_passphrase_protection = true; resp->passphrase_protection = storage.has_passphrase_protection && storage.passphrase_protection;
 #ifdef SCM_REVISION
- resp->has_revision = true; memcpy(resp->revision.bytes, SCM_REVISION, sizeof(resp->revision)); resp->revision.size = SCM_REVISION_LEN;
+ int len = sizeof(SCM_REVISION) - 1;
+ resp->has_revision = true; memcpy(resp->revision.bytes, SCM_REVISION, len); resp->revision.size = len;
 #endif
 resp->has_bootloader_hash = true; resp->bootloader_hash.size = memory_bootloader_hash(resp->bootloader_hash.bytes);
 if (storage.has_language) {
diff --git a/firmware/messages.c b/firmware/messages.c
index 403d1e8195..5618be39c5 100644
--- a/firmware/messages.c
+++ b/firmware/messages.c
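Review bot: In fsm_msgInitialize (firmware/fsm.c), the new `len` comes from the build-time SCM_REVISION string and is never compared with the capacity of `resp->revision.bytes`, so the memcpy stays in bounds only while the Makefile's `git rev-parse HEAD` output fits that field. The field's size is not visible in this hunk; if it is a fixed array, a compile-time guard such as `_Static_assert(sizeof(SCM_REVISION) - 1 <= sizeof(resp->revision.bytes), "SCM_REVISION too long");` (C11) would turn an oversized revision into a build error instead of a write past the field. `len` would also read better as `size_t len = sizeof(SCM_REVISION) - 1;`, matching what sizeof yields and what memcpy takes. The function body starts and ends outside the hunk.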
@@ -290,6 +290,8 @@ void msg_read_common(char type, uint8_t *buf, int len)
 static uint32_t msg_pos = 0;
 static const pb_field_t *fields = 0;
+ if (len != 64) return;
+
 if (read_state == READSTATE_IDLE) {
 if (buf[0] != '?' || buf[1] != '#' || buf[2] != '#') { // invalid start - discard
 return;
@@ -299,7 +301,7 @@ void msg_read_common(char type, uint8_t *buf, int len)
 fields = MessageFields(type, 'i', msg_id);
 if (!fields) { // unknown message
- // fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Unknown message");
+ fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Unknown message");
 return;
 }
 if (msg_size > MSG_IN_SIZE) { // message is too big :(
@@ -355,7 +357,7 @@ uint16_t msg_tiny_id = 0xFFFF;
 void msg_read_tiny(uint8_t *buf, int len)
 {
- if (len < 9) return;
+ if (len != 64) return;
 if (buf[0] != '?' || buf[1] != '#' || buf[2] != '#') {
 return;
 }
@@ -402,7 +404,7 @@ void msg_read_tiny(uint8_t *buf, int len)
 msg_tiny_id = 0xFFFF;
 }
 } else {
- // fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Unknown message");
+ fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Unknown message");
 msg_tiny_id = 0xFFFF;
 }
 }
diff --git a/firmware/protect.c b/firmware/protect.c
index 4c1596ee26..10976b5ee8 100644
--- a/firmware/protect.c
+++ b/firmware/protect.c
@@ -34,8 +34,11 @@ bool protectAbortedByInitialize = false;
 bool protectButton(ButtonRequestType type, bool confirm_only)
 {
 ButtonRequest resp;
- bool result;
+ bool result = false;
 bool acked = false;
+#if DEBUG_LINK
+ bool debug_decided = false;
+#endif
 memset(&resp, 0, sizeof(ButtonRequest));
 resp.has_code = true;
@@ -46,7 +49,7 @@ bool protectButton(ButtonRequestType type, bool confirm_only)
 for (;;) {
 usbPoll();
- // wait for ButtonAck
+ // check for ButtonAck
 if (msg_tiny_id == MessageType_MessageType_ButtonAck) {
 msg_tiny_id = 0xFFFF;
 acked = true;
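Review bot: In msg_read_common (firmware/messages.c, hunk at -290), the new `if (len != 64) return;` runs before the `read_state` test, so a wrong-sized packet arriving in the middle of a multi-packet message is dropped while the reassembly state is left as it was. The continuation branch is outside this hunk, so this is inferred: if nothing there resets the state, packets of the next message would be appended to the stale one. Consider resetting on that path, e.g. `if (len != 64) { read_state = READSTATE_IDLE; return; }`, or add a comment saying why keeping the state is intended. The literal 64 is repeated in msg_read_tiny (hunk at -355); one named constant for the packet size would keep the two checks in step.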
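Review bot: In msg_read_common (hunk at -299), the re-enabled `fsm_sendFailure(...)` in the `if (!fields)` branch does not look at `type`, although `type` selects the field table in the `MessageFields(type, 'i', msg_id)` call just above it. fsm_sendFailure is not shown on this page; if it always answers on the main channel, an unknown id received on a link other than the main one would produce a Failure where no request is pending. A guard on `type`, or a comment such as `// reply is sent on the normal link regardless of 'type'` once that is confirmed, would make the behaviour explicit. The function body starts and ends outside the hunk.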
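Review bot: In msg_read_tiny (hunk at -402), the enabled `fsm_sendFailure(...)` sits on the path that sets `msg_tiny_id`, which protectButton in firmware/protect.c polls while a ButtonRequest is outstanding, so the host can now receive a Failure while the device is still waiting for ButtonAck or the button. The `else` begins outside the hunk, so which ids reach it is not visible; if it also catches valid messages that are merely not accepted in this mode, the text "Unknown message" is misleading. A comment such as `// anything other than the messages awaited in tiny mode is rejected; the pending request stays open` would document the intent, and host-side handling should be checked so this Failure is not taken as the result of the pending request.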
@@ -66,6 +69,7 @@ bool protectButton(ButtonRequestType type, bool confirm_only)
 }
 }
+ // check for Cancel / Initialize
 if (msg_tiny_id == MessageType_MessageType_Cancel || msg_tiny_id == MessageType_MessageType_Initialize) {
 if (msg_tiny_id == MessageType_MessageType_Initialize) {
 protectAbortedByInitialize = true;
@@ -75,12 +79,16 @@ bool protectButton(ButtonRequestType type, bool confirm_only)
 break;
 }
- // check debug link
 #if DEBUG_LINK
+ // check DebugLink
 if (msg_tiny_id == MessageType_MessageType_DebugLinkDecision) {
 msg_tiny_id = 0xFFFF;
 DebugLinkDecision *dld = (DebugLinkDecision *)msg_tiny;
 result = dld->yes_no;
+ debug_decided = true;
+ }
+
+ if (acked && debug_decided) {
 break;
 }