Fix improper length of sms message stored in User Data Length field
1 #include "qmi-message.h"
2
/* Smaller of two values. Both arguments are evaluated twice: only pass side-effect-free expressions. */
#define MIN(a,b) (((a)<(b))?(a):(b))
/* Integer division rounding up; y must be positive. */
#define CEILDIV(x,y) (((x) + (y) - 1) / (y))
5
/*
 * Reply handler for the list-messages request: emits the memory index of
 * every listed message as an element of an unnamed array in `status`.
 */
static void cmd_wms_list_messages_cb(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg)
{
	struct qmi_wms_list_messages_response res;
	void *array;
	int idx;

	qmi_parse_wms_list_messages_response(msg, &res);

	array = blobmsg_open_array(&status, NULL);
	for (idx = 0; idx < res.data.message_list_n; idx++) {
		blobmsg_add_u32(&status, NULL, res.data.message_list[idx].memory_index);
	}
	blobmsg_close_array(&status, array);
}
19
/*
 * Build the list-messages request: unread mobile-terminated messages held
 * on the UIM. The request is static, like in the other *_prepare handlers
 * of this file. `arg` is not used.
 */
static enum qmi_cmd_result
cmd_wms_list_messages_prepare(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg, char *arg)
{
	static struct qmi_wms_list_messages_request mreq = {
		QMI_INIT(storage_type, QMI_WMS_STORAGE_TYPE_UIM),
		QMI_INIT(message_tag, QMI_WMS_MESSAGE_TAG_TYPE_MT_NOT_READ),
	};

	qmi_set_wms_list_messages_request(msg, &mreq);
	return QMI_CMD_REQUEST;
}
32
/*
 * Write the UTF-8 encoding of the 16 bit code point `c` to `dest`.
 * Returns the number of bytes written (1 to 3); `dest` must have room for 3.
 */
static int
put_unicode_char(char *dest, uint16_t c)
{
	unsigned char *out = (unsigned char *) dest;

	/* one byte: 0xxxxxxx */
	if (c <= 0x7f) {
		out[0] = (unsigned char) c;
		return 1;
	}

	/* two bytes: 110xxxxx 10xxxxxx */
	if (c <= 0x7ff) {
		out[0] = 0xc0 | (c >> 6);
		out[1] = 0x80 | (c & 0x3f);
		return 2;
	}

	/* three bytes: 1110xxxx 10xxxxxx 10xxxxxx */
	out[0] = 0xe0 | (c >> 12);
	out[1] = 0x80 | ((c >> 6) & 0x3f);
	out[2] = 0x80 | (c & 0x3f);
	return 3;
}
50
51
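/*
 * Decode one GSM 03.38 default-alphabet septet `c` (0x00-0x7f) to UTF-8 at
 * dest + len.
 *
 * `escape` carries the state of the two-septet escape sequences between
 * calls. Returns the number of bytes written: 0 when `c` is the escape
 * prefix itself, otherwise 1 to 3, and up to 5 for an undefined escape
 * sequence (a placeholder character followed by the septet decoded
 * normally). The caller must have that many bytes free after dest + len.
 */
static int
pdu_decode_7bit_char(char *dest, int len, unsigned char c, bool *escape)
{
	/* code points for septets 0x00-0x1f */
	static const uint16_t conv_0x20[] = {
		0x0040, 0x00A3, 0x0024, 0x00A5, 0x00E8, 0x00E9, 0x00F9, 0x00EC,
		0x00F2, 0x00E7, 0x000A, 0x00D8, 0x00F8, 0x000D, 0x00C5, 0x00E5,
		0x0394, 0x005F, 0x03A6, 0x0393, 0x039B, 0x03A9, 0x03A0, 0x03A8,
		0x03A3, 0x0398, 0x039E, 0x00A0, 0x00C6, 0x00E6, 0x00DF, 0x00C9,
	};
	/* code points for septets 0x5b-0x60 */
	static const uint16_t conv_0x5b[] = {
		0x00C4, 0x00D6, 0x00D1, 0x00DC, 0x00A7, 0x00BF,
	};
	/* code points for septets 0x7b-0x7f */
	static const uint16_t conv_0x7b[] = {
		0x00E4, 0x00F6, 0x00F1, 0x00FC, 0x00E0
	};
	int cur_len = 0;
	uint16_t outc;

	/* debug trace of the raw septet stream */
	fprintf(stderr, " %02x", c);
	dest += len;
	if (*escape) {
		*escape = false;
		switch(c) {
		case 0x0A:
			*dest = 0x0C;
			return 1;
		case 0x14:
			*dest = 0x5E;
			return 1;
		case 0x28:
			*dest = 0x7B;
			return 1;
		case 0x29:
			*dest = 0x7D;
			return 1;
		case 0x2F:
			*dest = 0x5C;
			return 1;
		case 0x3C:
			*dest = 0x5B;
			return 1;
		case 0x3D:
			*dest = 0x7E;
			return 1;
		case 0x3E:
			*dest = 0x5D;
			return 1;
		case 0x40:
			*dest = 0x7C;
			return 1;
		case 0x65:
			/* euro sign */
			outc = 0x20AC;
			goto out;
		case 0x1B:
			goto normal;
		default:
			/*
			 * Undefined escape sequence: emit the table entry for the
			 * escape septet as a proper UTF-8 sequence (its code point
			 * is above 0x7f, so storing it in a single byte would
			 * produce an invalid continuation byte), then decode the
			 * septet itself normally.
			 */
			cur_len = put_unicode_char(dest, conv_0x20[0x1B]);
			dest += cur_len;
			goto normal;
		}
	}

	/* escape prefix: remembered, nothing written yet */
	if (c == 0x1b) {
		*escape = true;
		return 0;
	}

normal:
	if (c < 0x20)
		outc = conv_0x20[(int) c];
	else if (c == 0x40)
		outc = 0x00A1;
	else if (c >= 0x5b && c <= 0x60)
		outc = conv_0x5b[c - 0x5b];
	else if (c >= 0x7b && c <= 0x7f)
		outc = conv_0x7b[c - 0x7b];
	else
		outc = c;	/* printable ASCII range maps to itself */

out:
	return cur_len + put_unicode_char(dest, outc);
}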
135
/*
 * Unpack `data_len` bytes of 7 bit packed text into UTF-8 at `dest` and
 * NUL-terminate it. `bit_offset` is the position of data[0] within the
 * 7-byte packing cycle (0 when the text starts on a septet boundary).
 * Returns the number of bytes written, not counting the terminator.
 */
static int
pdu_decode_7bit_str(char *dest, const unsigned char *data, int data_len, int bit_offset)
{
	bool escape = false;
	int out_len = 0;

	fprintf(stderr, "Raw text:");
	for (int i = 0; i < data_len; i++) {
		int pos = (i + bit_offset) % 7;
		unsigned char septet;

		if (pos == 0) {
			/* the low 7 bits form a complete septet */
			septet = data[i] & 0x7f;
			out_len += pdu_decode_7bit_char(dest, out_len, septet, &escape);
			continue;
		}

		/* septet split between the previous byte and this one */
		if (i > 0) {
			septet = (data[i - 1] >> (8 - pos)) | ((data[i] << pos) & 0x7f);
			out_len += pdu_decode_7bit_char(dest, out_len, septet, &escape);
		}

		/* the seventh byte of each cycle also holds a whole septet in its top bits */
		if (pos == 6) {
			septet = (data[i] >> 1) & 0x7f;
			out_len += pdu_decode_7bit_char(dest, out_len, septet, &escape);
		}
	}
	dest[out_len] = 0;
	fprintf(stderr, "\n");

	return out_len;
}
164
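/*
 * Walk the user data header at `data` (length octet followed by that many
 * bytes of type/length/value elements) and report concatenation elements
 * into `status`. The caller must guarantee that data[0] + 1 bytes are
 * readable. Returns the total header size including the length octet.
 */
static int decode_udh(const unsigned char *data)
{
	const unsigned char *end;
	unsigned int type, len, udh_len;

	udh_len = *(data++);
	end = data + udh_len;
	while (data < end) {
		const unsigned char *val;

		/* every element starts with a type and a length octet */
		if (end - data < 2)
			break;

		type = data[0];
		len = data[1];
		val = &data[2];
		data += 2 + len;
		/* element claims more bytes than the header holds */
		if (data > end)
			break;

		switch (type) {
		case 0x00:
			/* concatenation with 8 bit reference: ref, parts, part */
			if (len < 3)
				break;
			blobmsg_add_u32(&status, "concat_ref", (uint32_t) val[0]);
			blobmsg_add_u32(&status, "concat_part", (uint32_t) val[2]);
			blobmsg_add_u32(&status, "concat_parts", (uint32_t) val[1]);
			break;
		case 0x08:
			/* concatenation with 16 bit reference: ref (2 bytes), parts, part */
			if (len < 4)
				break;
			blobmsg_add_u32(&status, "concat_ref", (uint32_t) (val[0] << 8 | val[1]));
			blobmsg_add_u32(&status, "concat_part", (uint32_t) val[3]);
			blobmsg_add_u32(&status, "concat_parts", (uint32_t) val[2]);
			break;
		default:
			break;
		}
	}

	return udh_len + 1;
}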
200
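/*
 * Unpack at most `max_septets` septets from `data_len` bytes of 7 bit
 * packed text into UTF-8 at `dest`, using the same packing-phase convention
 * as pdu_decode_7bit_str() (`bit_offset` is the position of data[0] in the
 * 7-byte cycle). Unlike a byte count, the septet limit lets the trailing
 * fill septet be dropped without cutting the UTF-8 output at an arbitrary
 * byte. Returns the number of bytes written, not counting the terminator.
 */
static int
pdu_decode_7bit_septets(char *dest, const unsigned char *data, int data_len, int bit_offset, int max_septets)
{
	bool escape = false;
	int len = 0;
	int septets = 0;
	int i;

	for (i = 0; i < data_len && septets < max_septets; i++) {
		int pos = (i + bit_offset) % 7;

		if (pos == 0) {
			len += pdu_decode_7bit_char(dest, len, data[i] & 0x7f, &escape);
			septets++;
			continue;
		}

		if (i) {
			len += pdu_decode_7bit_char(dest, len,
						    (data[i - 1] >> (8 - pos)) |
						    ((data[i] << pos) & 0x7f), &escape);
			septets++;
		}

		if (pos == 6 && septets < max_septets) {
			len += pdu_decode_7bit_char(dest, len, (data[i] >> 1) & 0x7f, &escape);
			septets++;
		}
	}
	dest[len] = 0;

	return len;
}

/*
 * Add `data_len` septets of 7 bit packed text starting at `data` as the
 * string field `name`. `bit_offset` is the packing phase of data[0]; when
 * it is non-zero the first byte also carries (7 - bit_offset) % 7 bits of
 * the preceding fill septet, which are skipped by the decoder and have to
 * be counted when converting septets to bytes. The caller must make sure
 * that many bytes are readable.
 */
static void decode_7bit_field(char *name, const unsigned char *data, int data_len, int bit_offset)
{
	int skip_bits, byte_len;
	char *dest;

	if (data_len < 0)
		data_len = 0;

	skip_bits = (7 - bit_offset) % 7;
	byte_len = CEILDIV(data_len * 7 + skip_bits, 8);

	/* up to 3 UTF-8 bytes per septet plus the terminator */
	dest = blobmsg_alloc_string_buffer(&status, name, 3 * data_len + 2);
	pdu_decode_7bit_septets(dest, data, byte_len, bit_offset, data_len);
	blobmsg_add_string_buffer(&status);
}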
208
/*
 * Append the two BCD digits of `val` (low nibble first) to `str` and return
 * the advanced pointer. A nibble above 9, such as the 0xf filler ending an
 * odd-length number, is written but not advanced over, so the following
 * digit or the terminator overwrites it.
 */
static char *pdu_add_semioctet(char *str, char val)
{
	char lo = '0' + (val & 0xf);
	char hi = '0' + ((val >> 4) & 0xf);

	*str = lo;
	if (lo <= '9')
		str++;

	*str = hi;
	if (hi <= '9')
		str++;

	return str;
}
221
/*
 * Decode an address field (type-of-address octet followed by `len` bytes)
 * into `str` as a NUL-terminated string: 7 bit packed text for alphanumeric
 * addresses, otherwise BCD digits with a '+' prefix for international
 * numbers. `str` must be large enough for the chosen representation.
 */
static void
pdu_decode_address(char *str, unsigned char *data, int len)
{
	unsigned char toa = *data;
	unsigned char number_type = toa & 0x70;

	data++;

	/* alphanumeric: 7 bit packed characters, terminated by the decoder */
	if (number_type == 0x50) {
		pdu_decode_7bit_str(str, data, len, 0);
		return;
	}

	/* international number */
	if (number_type == 0x10)
		*(str++) = '+';

	/* two digits per byte, low nibble first */
	while (len--) {
		str = pdu_add_semioctet(str, *data);
		data++;
	}

	*str = 0;
}
244
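/*
 * Add the address field at `data` (type-of-address octet plus `len` bytes)
 * as the string field `name`.
 */
static void wms_decode_address(char *name, unsigned char *data, int len)
{
	int max_chars;
	char *str;

	if (len < 0)
		len = 0;

	/*
	 * Size the buffer for the worst case: an alphanumeric address unpacks
	 * to up to ceil(len * 8 / 7) characters of up to 3 UTF-8 bytes each,
	 * which exceeds the 2 digits per byte of a numeric address; add room
	 * for the '+' prefix and the terminator.
	 */
	max_chars = (len * 8 + 6) / 7;
	str = blobmsg_alloc_string_buffer(&status, name, 3 * max_chars + 2);
	pdu_decode_address(str, data, len);
	blobmsg_add_string_buffer(&status);
}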
251
/*
 * Add `len` bytes of `data` as a lowercase hex string field `name` in `buf`.
 */
static void blobmsg_add_hex(struct blob_buf *buf, const char *name, unsigned const char *data, int len)
{
	/* two hex digits per byte plus the terminator */
	char *out = blobmsg_alloc_string_buffer(buf, name, len * 2 + 1);
	const unsigned char *p = data;
	const unsigned char *stop = data + len;

	while (p < stop)
		out += sprintf(out, "%02x", *p++);

	blobmsg_add_string_buffer(buf);
}
260
261 #define cmd_wms_delete_message_cb no_cb
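/*
 * Build a delete request for the UIM message whose memory index is given
 * as a decimal number in `arg`. Fails with an error when `arg` is empty or
 * contains anything but a decimal number.
 */
static enum qmi_cmd_result
cmd_wms_delete_message_prepare(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg, char *arg)
{
	static struct qmi_wms_delete_request mreq = {
		QMI_INIT(memory_storage, QMI_WMS_STORAGE_TYPE_UIM),
		QMI_INIT(message_mode, QMI_WMS_MESSAGE_MODE_GSM_WCDMA),
	};
	char *err;
	unsigned long id;

	/* err == arg means no digits were consumed at all (empty argument) */
	id = strtoul(arg, &err, 10);
	if (err == arg || *err) {
		uqmi_add_error("Invalid message ID");
		return QMI_CMD_EXIT;
	}

	mreq.set.memory_index = 1;
	mreq.data.memory_index = id;

	qmi_set_wms_delete_request(msg, &mreq);

	return QMI_CMD_REQUEST;
}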
286
287
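/*
 * Add the 7 octet time stamp at `data` (year, month, day, hour, minute and
 * second as BCD pairs; the seventh octet is not used) as the "timestamp"
 * field, formatted "20YY-MM-DD hh:mm:ss".
 */
static void wms_add_timestamp(const unsigned char *data)
{
	char *str = blobmsg_alloc_string_buffer(&status, "timestamp", 32);

	/* year */
	*(str++) = '2';
	*(str++) = '0';
	str = pdu_add_semioctet(str, data[0]);
	/* month */
	*(str++) = '-';
	str = pdu_add_semioctet(str, data[1]);
	/* day */
	*(str++) = '-';
	str = pdu_add_semioctet(str, data[2]);

	/* hour */
	*(str++) = ' ';
	str = pdu_add_semioctet(str, data[3]);
	/* minute */
	*(str++) = ':';
	str = pdu_add_semioctet(str, data[4]);
	/* second */
	*(str++) = ':';
	str = pdu_add_semioctet(str, data[5]);
	*str = 0;

	blobmsg_add_string_buffer(&status);
}

/*
 * Reply handler for a raw message read: parse the PDU in the response and
 * add its fields (smsc, sender/receiver, class, timestamp, concatenation
 * info and the text or data payload) as a table in `status`. The PDU comes
 * from the modem and is treated as untrusted: every read is checked
 * against `end` and a malformed PDU ends the table with an error message.
 */
static void cmd_wms_get_message_cb(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg)
{
	struct qmi_wms_raw_read_response res;
	unsigned char *data, *end;
	int cur_len;
	bool sent;
	unsigned char first, dcs;
	void *c;
	int message_len;
	int udh_len = 0;
	int bit_offset = 0;
	int skip_bits;

	qmi_parse_wms_raw_read_response(msg, &res);
	c = blobmsg_open_table(&status, NULL);
	data = (unsigned char *) res.data.raw_message_data.raw_data;
	end = data + res.data.raw_message_data.raw_data_n;

	/* SMSC address: length octet, then type-of-address and digits */
	if (data >= end)
		goto error;

	cur_len = *(data++);
	if (data + cur_len >= end)
		goto error;

	if (cur_len) {
		wms_decode_address("smsc", data, cur_len - 1);
		data += cur_len;
	}

	/* first octet, optional message reference, address length */
	if (data + 3 >= end)
		goto error;

	first = *(data++);
	/* type 1 is a message we sent: it carries a reference and no timestamp */
	sent = (first & 0x3) == 1;
	if (sent)
		data++;

	cur_len = *(data++);
	if (data + cur_len >= end)
		goto error;

	if (cur_len) {
		/* address length is in digits, two per byte */
		cur_len = (cur_len + 1) / 2;
		wms_decode_address(sent ? "receiver" : "sender", data, cur_len);
		data += cur_len + 1;
	}

	/* protocol id, data coding scheme, and validity or timestamp */
	if (data + 3 >= end)
		goto error;

	/* Protocol ID */
	if (*(data++) != 0)
		goto error;

	/* Data Encoding */
	dcs = *(data++);

	if (dcs & 0x10)
		blobmsg_add_u32(&status, "class", (dcs & 3));

	if (sent) {
		/* Message validity */
		data++;
	} else {
		/*
		 * 7 octets of timestamp are followed by the user data length,
		 * so data[7] has to be inside the buffer as well.
		 */
		if (data + 7 >= end)
			goto error;

		wms_add_timestamp(data);
		data += 7;
	}

	message_len = *(data++);

	/* User Data Header */
	if (first & 0x40) {
		/* the header (length octet plus contents) must fit in the buffer */
		if (data >= end || data + 1 + data[0] > end)
			goto error;

		udh_len = decode_udh(data);
		data += udh_len;
		bit_offset = udh_len % 7;
	}

	/* an empty payload (data == end) is valid; the decoders below handle length 0 */
	if (data > end)
		goto error;

	switch(dcs & 0x0c) {
	case 0x00:
		/* 7 bit GSM alphabet */
		/* the user data length counts septets, header and fill bits included */
		message_len = message_len - CEILDIV(udh_len * 8, 7);
		/*
		 * Clamp to the septets actually present: the first byte still
		 * holds (7 - bit_offset) % 7 bits of the header fill septet.
		 */
		skip_bits = (7 - bit_offset) % 7;
		message_len = MIN(message_len, (int) (((end - data) * 8 - skip_bits) / 7));
		if (message_len < 0)
			goto error;
		decode_7bit_field("text", data, message_len, bit_offset);
		break;
	case 0x04:
		/* 8 bit data */
		message_len = MIN(message_len - udh_len, end - data);
		if (message_len < 0)
			goto error;
		blobmsg_add_hex(&status, "data", data, message_len);
		break;
	case 0x08:
		/* 16 bit UCS-2 string */
		message_len = MIN(message_len - udh_len, end - data);
		if (message_len < 0)
			goto error;
		blobmsg_add_hex(&status, "ucs-2", data, message_len);
		break;
	default:
		goto error;
	}

	blobmsg_close_table(&status, c);
	return;

error:
	blobmsg_close_table(&status, c);
	fprintf(stderr, "There was an error reading message.\n");
}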
421
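/*
 * Build a raw read request for the UIM message whose memory index is given
 * as a decimal number in `arg`. Fails with an error when `arg` is empty or
 * contains anything but a decimal number.
 */
static enum qmi_cmd_result
cmd_wms_get_message_prepare(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg, char *arg)
{
	static struct qmi_wms_raw_read_request mreq = {
		QMI_INIT_SEQUENCE(message_memory_storage_id,
			.storage_type = QMI_WMS_STORAGE_TYPE_UIM,
		),
		QMI_INIT(message_mode, QMI_WMS_MESSAGE_MODE_GSM_WCDMA),
	};
	char *err;
	unsigned long id;

	/* err == arg means no digits were consumed at all (empty argument) */
	id = strtoul(arg, &err, 10);
	if (err == arg || *err) {
		uqmi_add_error("Invalid message ID");
		return QMI_CMD_EXIT;
	}

	mreq.data.message_memory_storage_id.memory_index = id;
	qmi_set_wms_raw_read_request(msg, &mreq);

	return QMI_CMD_REQUEST;
}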
445
446
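/*
 * Reply handler for a raw message read: add the PDU bytes as a single
 * space-separated hex string ("xx xx xx").
 */
static void cmd_wms_get_raw_message_cb(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg)
{
	struct qmi_wms_raw_read_response res;
	unsigned char *data;
	char *str;
	int i, n;

	qmi_parse_wms_raw_read_response(msg, &res);
	data = (unsigned char *) res.data.raw_message_data.raw_data;
	n = res.data.raw_message_data.raw_data_n;

	/*
	 * Three bytes per octet (the first one has no leading space) plus the
	 * terminator. The explicit terminator keeps an empty message a valid
	 * string, since sprintf() never runs when n is 0.
	 */
	str = blobmsg_alloc_string_buffer(&status, NULL, n * 3 + 1);
	*str = 0;
	for (i = 0; i < n; i++) {
		/* skip the leading space of the format for the first byte */
		str += sprintf(str, &" %02x"[i ? 0 : 1], data[i]);
	}
	blobmsg_add_string_buffer(&status);
}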
462
463 #define cmd_wms_get_raw_message_prepare cmd_wms_get_message_prepare
464
465
/*
 * Arguments collected by the cmd_wms_send_message_*_prepare handlers below
 * and consumed by cmd_wms_send_message_prepare(). (A file-scope identifier
 * starting with an underscore is reserved for the implementation in C; the
 * name is kept as is.)
 */
static struct {
	const char *smsc;	/* service centre number; a leading '+' marks an international number */
	const char *target;	/* destination address: digits, or alphanumeric text */
	bool flash;		/* set the class bits of the data coding scheme (flash message) */
} _send;
471
472
473 #define cmd_wms_send_message_smsc_cb no_cb
/*
 * Remember the service centre number for the following send-message
 * command. No request is issued.
 */
static enum qmi_cmd_result
cmd_wms_send_message_smsc_prepare(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg, char *arg)
{
	const char *smsc = arg;

	_send.smsc = smsc;

	return QMI_CMD_DONE;
}
480
481 #define cmd_wms_send_message_target_cb no_cb
/*
 * Remember the destination address for the following send-message
 * command. No request is issued.
 */
static enum qmi_cmd_result
cmd_wms_send_message_target_prepare(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg, char *arg)
{
	const char *target = arg;

	_send.target = target;

	return QMI_CMD_DONE;
}
488
489 #define cmd_wms_send_message_flash_cb no_cb
/*
 * Mark the following send-message command as a flash message. `arg` is not
 * used and no request is issued.
 */
static enum qmi_cmd_result
cmd_wms_send_message_flash_prepare(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg, char *arg)
{
	const bool flash = true;

	_send.flash = flash;

	return QMI_CMD_DONE;
}
496
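/*
 * Pack the decimal digit string `str` into `dest` as BCD, two digits per
 * byte with the first digit in the low nibble; an odd trailing digit is
 * paired with the 0xf filler. `str` must contain only '0'-'9' (the caller
 * checks this). Returns the number of bytes written.
 */
static int
pdu_encode_semioctet(unsigned char *dest, const char *str)
{
	int len = 0;
	bool lower = true;

	while (*str) {
		unsigned char digit = *str - '0';

		if (lower) {
			/* first digit of a pair: low nibble, high nibble pre-filled with 0xf */
			dest[len] = 0xf0 | digit;
		} else {
			/* second digit replaces the 0xf filler in the high nibble */
			dest[len] = (dest[len] & 0x0f) | (digit << 4);
			len++;
		}

		lower = !lower;
		str++;
	}

	/*
	 * An odd number of digits leaves the last byte (0xfX) written but not
	 * yet counted; include it, otherwise the final digit is dropped and
	 * the next PDU field overwrites it.
	 */
	return len + (lower ? 0 : 1);
}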
517
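/*
 * Pack the NUL-terminated string `str` into `data` as 7 bit septets, eight
 * characters per seven bytes. Only the low 7 bits of each character are
 * used and no alphabet translation is applied, so the text is expected to
 * be ASCII where it coincides with the GSM default alphabet; a character
 * whose low 7 bits are zero ends the string. Returns the number of bytes
 * written (0 for an empty string).
 */
static int
pdu_encode_7bit_str(unsigned char *data, const char *str)
{
	unsigned char c;
	int len = 0;
	int ofs = 0;

	while (1) {
		c = *(str++) & 0x7f;
		if (!c)
			break;

		if (ofs == 0) {
			data[len] = c;
		} else {
			/* low (8 - ofs) bits complete the current byte, the rest start the next one */
			data[len++] |= c << (8 - ofs);
			data[len] = c >> ofs;
		}

		ofs = (ofs + 1) % 8;
	}

	/*
	 * ofs != 0 means the last byte is partially filled and still has to be
	 * counted. ofs == 0 (a multiple of eight septets, or no input) means
	 * data[len] only holds the zero spill-over of the previous step and is
	 * not part of the encoded text; counting it would append a stray byte.
	 */
	return len + (ofs != 0);
}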
545
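/*
 * Encode the address `str` into `dest` as a length octet, a type-of-address
 * octet and the packed address. A leading '+' selects the international
 * type of number; any non-digit character selects the alphanumeric type,
 * in which case the text is 7 bit packed. For the SMSC (`smsc` true) the
 * length octet counts the bytes that follow it, otherwise the number of
 * useful semi-octets. Returns the total number of bytes written.
 */
static int
pdu_encode_number(unsigned char *dest, const char *str, bool smsc)
{
	unsigned char format;
	bool ascii = false;
	int len = 0;
	int i;

	dest[len++] = 0;	/* length octet, filled in below */
	if (*str == '+') {
		str++;
		format = 0x91;	/* international number */
	} else {
		format = 0x81;	/* unknown type of number */
	}

	/* anything but decimal digits makes this an alphanumeric address */
	for (i = 0; str[i]; i++) {
		if (str[i] >= '0' && str[i] <= '9')
			continue;

		ascii = true;
		break;
	}

	if (ascii)
		/*
		 * Alphanumeric type of number (bits 6..4 = 101), which is what
		 * pdu_decode_address() in this file recognises as 7 bit text;
		 * the former 0x40 flag produced 0xc1 (a different type) when
		 * no '+' was given.
		 */
		format = 0xd0;

	dest[len++] = format;
	if (!ascii)
		len += pdu_encode_semioctet(&dest[len], str);
	else
		len += pdu_encode_7bit_str(&dest[len], str);

	if (smsc) {
		/* bytes after the length octet */
		dest[0] = len - 1;
	} else if (ascii) {
		/* useful semi-octets of the packed text: ceil(7 * chars / 4) */
		dest[0] = (strlen(str) * 7 + 3) / 4;
	} else {
		/* one semi-octet per digit */
		dest[0] = strlen(str);
	}

	return len;
}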
586
/*
 * Encode the message text `str` into `dest` as the user data length octet
 * (number of septets, i.e. characters) followed by the 7 bit packed text.
 * Returns the total number of bytes written.
 */
static int
pdu_encode_data(unsigned char *dest, const char *str)
{
	int packed_len = pdu_encode_7bit_str(&dest[1], str);

	dest[0] = strlen(str);

	return packed_len + 1;
}
598
599 #define cmd_wms_send_message_cb no_cb
/*
 * Build a raw send request from the text in `arg`, the service centre and
 * target collected by the preceding *_prepare handlers, and the flash flag.
 * Fails when the service centre or target is missing, or when any of the
 * three strings is too long for the fixed PDU buffer.
 */
static enum qmi_cmd_result
cmd_wms_send_message_prepare(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg, char *arg)
{
	static unsigned char buf[512];
	static struct qmi_wms_raw_send_request mreq = {
		QMI_INIT_SEQUENCE(raw_message_data,
			.format = QMI_WMS_MESSAGE_FORMAT_GSM_WCDMA_POINT_TO_POINT,
			.raw_data = buf,
		),
	};
	const char *smsc = _send.smsc;
	const char *target = _send.target;
	unsigned char *cur = buf;
	bool have_smsc = smsc && *smsc;
	bool have_target = target && *target;

	if (!have_smsc || !have_target) {
		uqmi_add_error("Missing argument");
		return QMI_CMD_EXIT;
	}

	/* keeps the encoded PDU well inside buf */
	if (strlen(smsc) > 16 || strlen(target) > 16 || strlen(arg) > 160) {
		uqmi_add_error("Argument too long");
		return QMI_CMD_EXIT;
	}

	cur += pdu_encode_number(cur, smsc, true);
	*(cur++) = 0x11;			/* first octet */
	*(cur++) = 0;				/* reference */

	cur += pdu_encode_number(cur, target, false);
	*(cur++) = 0x00;			/* protocol id */
	*(cur++) = _send.flash ? 0x10 : 0x00;	/* data coding scheme; flash sets the class bits */
	*(cur++) = 0xff;			/* validity */

	cur += pdu_encode_data(cur, arg);

	mreq.data.raw_message_data.raw_data_n = cur - buf;
	qmi_set_wms_raw_send_request(msg, &mreq);

	return QMI_CMD_REQUEST;
}