lib: when receiving data, make sure to not copy one packet to much

this might lead to a 64 byte buffer-overflow
Yubico · Jan 8, 2019 · f526546 · f526546
1 parent e77a109
commit f526546
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/u2f-host/u2fmisc.c b/u2f-host/u2fmisc.c
@@ -312,6 +312,10 @@ u2fh_sendrecv (u2fh_devs * devs, unsigned index, uint8_t cmd,
 		     frame.cont.seq, sequence);
 	    return U2FH_TRANSPORT_ERROR;
 	  }
+	if (recvddata + sizeof (frame.cont.data) > maxlen)
+	  {
+	    return U2FH_TRANSPORT_ERROR;
+	  }
 	memcpy (recv + recvddata, frame.cont.data, sizeof (frame.cont.data));
 	recvddata += sizeof (frame.cont.data);
       }