Skip to content
This repository has been archived by the owner on Oct 14, 2020. It is now read-only.

Commit

Permalink
Browse files Browse the repository at this point in the history
lib: when receiving data, make sure to not copy one packet to much
this might lead to a 64 byte buffer-overflow
  • Loading branch information
klali committed Jan 8, 2019
1 parent e77a109 commit f526546
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions u2f-host/u2fmisc.c
Expand Up @@ -312,6 +312,10 @@ u2fh_sendrecv (u2fh_devs * devs, unsigned index, uint8_t cmd,
frame.cont.seq, sequence);
return U2FH_TRANSPORT_ERROR;
}
if (recvddata + sizeof (frame.cont.data) > maxlen)
{
return U2FH_TRANSPORT_ERROR;
}
memcpy (recv + recvddata, frame.cont.data, sizeof (frame.cont.data));
recvddata += sizeof (frame.cont.data);
}
Expand Down

0 comments on commit f526546

Please sign in to comment.