gfto
/
tsdecrypt
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 18 Wiki Activity
Browse Source

Fix camd message len 

Fixes problems with providers that use quite long ECMs/EMMs.

Store message len in int instead of uint8_t to fix transmission of msgs
longer than 255 bytes (size_t was not an option as some functions return
negative values).

Add msg len check to cs378x as it only allows up to 256 bytes data.
Stefan Pöschel 7 years ago
parent
8984be49a8
commit
fdfdca330a
4 changed files with 13 additions and 7 deletions
Split View Show Diff Stats
  1. 7
    2
      camd-cs378x.c
  2. 1
    1
      camd.c
  3. 1
    1
      camd.h
  4. 4
    3
      data.h

+ 7
- 2
camd-cs378x.c View File 

@@ -50,7 +50,7 @@ static int cs378x_recv(struct camd *c, uint8_t *data, int *data_len) {
50 50 
 			c->ops.ident, auth_token, c->cs378x.auth_token);
51 51 
 	}
52 52
53 
-	*data_len = 256;
53 
+	*data_len = CAMD35_DATA_SIZE;
54 54 
 	for (i = 0; i < *data_len; i += 16) { // Read and decrypt payload
55 55 
 		fdread(c->server_fd, (char *)data + i, 16);
56 56 
 		AES_decrypt(data + i, data + i, &c->cs378x.aes_decrypt_key);
 
@@ -96,9 +96,14 @@ static void cs378x_buf_init(struct camd *c, uint8_t *data, int data_len) {
96 96 
 }
97 97
98 98 
 static int cs378x_do_ecm(struct camd *c, struct camd_msg *msg) {
99 
+	if (msg->data_len > CAMD35_DATA_SIZE) {
100 
+		ts_LOGf("ERR | [%s] Data too long.\n", c->ops.ident);
101 
+		return 0; // false
102 
+	}
103 
+
99 104 
 	int to_send = boundary(4, CAMD35_HDR_LEN + msg->data_len);
100 105
101 
-	cs378x_buf_init(c, msg->data, (int)msg->data_len);
106 
+	cs378x_buf_init(c, msg->data, msg->data_len);
102 107
103 108 
 	c->cs378x.msg_id++;
104 109

+ 1
- 1
camd.c View File 

@@ -238,7 +238,7 @@ OUT:
238 238 
 	camd_msg_free(&msg);
239 239 
 }
240 240
241 
-struct camd_msg *camd_msg_alloc(enum msg_type msg_type, uint16_t ca_id, uint16_t service_id, uint8_t *data, uint8_t data_len) {
241 
+struct camd_msg *camd_msg_alloc(enum msg_type msg_type, uint16_t ca_id, uint16_t service_id, uint8_t *data, int data_len) {
242 242 
 	struct camd_msg *c = calloc(1, sizeof(struct camd_msg));
243 243 
 	c->type       = msg_type;
244 244 
 	c->ca_id      = ca_id;

+ 1
- 1
camd.h View File 

@@ -19,7 +19,7 @@
19 19
20 20 
 int connect_client							(int socktype, const char *hostname, const char *service);
21 21
22 
-struct camd_msg *		camd_msg_alloc		(enum msg_type msg_type, uint16_t ca_id, uint16_t service_id, uint8_t *data, uint8_t data_len);
22 
+struct camd_msg *		camd_msg_alloc		(enum msg_type msg_type, uint16_t ca_id, uint16_t service_id, uint8_t *data, int data_len);
23 23 
 void					camd_msg_free   	(struct camd_msg **pmsg);
24 24
25 25 
 void					camd_set_cw			(struct ts *ts, uint8_t *new_cw, int check_validity);

+ 4
- 3
data.h View File 

@@ -72,7 +72,8 @@ struct key {
72 72
73 73 
 // 4 auth header, 20 header size, 256 max data size, 16 potential padding
74 74 
 #define CAMD35_HDR_LEN (20)
75 
-#define CAMD35_BUF_LEN (4 + CAMD35_HDR_LEN + 256 + 16)
75 
+#define CAMD35_DATA_SIZE (256)
76 
+#define CAMD35_BUF_LEN (4 + CAMD35_HDR_LEN + CAMD35_DATA_SIZE + 16)
76 77
77 78 
 // When this limit is reached invalid_cw flag is set.
78 79 
 #define ECM_RECV_ERRORS_LIMIT 10
 
@@ -89,8 +90,8 @@ struct camd_msg {
89 90 
 	enum msg_type	type;
90 91 
 	uint16_t		ca_id;
91 92 
 	uint16_t		service_id;
92 
-	uint8_t			data_len;
93 
-	uint8_t			data[255];
93 
+	int				data_len;
94 
+	uint8_t			data[512];	// enough for now
94 95 
 	struct ts		*ts;
95 96 
 };
96 97

Write Preview
Loading…
Cancel
Save