Skip to content
This repository was archived by the owner on Oct 14, 2020. It is now read-only.

Commit f526546

Browse files
committed
lib: when receiving data, make sure to not copy one packet to much
this might lead to a 64 byte buffer-overflow
1 parent e77a109 commit f526546

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

u2f-host/u2fmisc.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -312,6 +312,10 @@ u2fh_sendrecv (u2fh_devs * devs, unsigned index, uint8_t cmd,
312312
frame.cont.seq, sequence);
313313
return U2FH_TRANSPORT_ERROR;
314314
}
315+
if (recvddata + sizeof (frame.cont.data) > maxlen)
316+
{
317+
return U2FH_TRANSPORT_ERROR;
318+
}
315319
memcpy (recv + recvddata, frame.cont.data, sizeof (frame.cont.data));
316320
recvddata += sizeof (frame.cont.data);
317321
}

0 commit comments

Comments
 (0)