Skip to content
Permalink
Browse files

lib: when receiving data, make sure to not copy one packet to much

this might lead to a 64 byte buffer-overflow
  • Loading branch information
klali committed Jan 8, 2019
1 parent e77a109 commit f526546bb29f2ef704ae9850f0f4b41fea7b62a4
Showing with 4 additions and 0 deletions.
  1. +4 −0 u2f-host/u2fmisc.c
@@ -312,6 +312,10 @@ u2fh_sendrecv (u2fh_devs * devs, unsigned index, uint8_t cmd,
frame.cont.seq, sequence);
return U2FH_TRANSPORT_ERROR;
}
if (recvddata + sizeof (frame.cont.data) > maxlen)
{
return U2FH_TRANSPORT_ERROR;
}
memcpy (recv + recvddata, frame.cont.data, sizeof (frame.cont.data));
recvddata += sizeof (frame.cont.data);
}

0 comments on commit f526546

Please sign in to comment.
You can’t perform that action at this time.