Buffer overflow in MXC_SYS_GetUSN / sys_me15.c #1006

Closed
pedrofza opened this issue May 1, 2024 · 1 comment · Fixed by #1016
pedrofza commented May 1, 2024

Board

  • Max32670

Files:

  • MaximSDK\Libraries\PeriphDrivers\Source\SYS\sys_me15.c
  • MaximSDK\Libraries\PeriphDrivers\Include\MAX32670\mxc_sys.h

Affected versions that I checked:

  • February 2024 Release
  • main branch

The docstring for MXC_SYS_GetUSN states that the parameter usn must be at least MXC_SYS_USN_LEN (13) bytes long.

However, it looks like the implementation in sys_me15.c will unconditionally memset the first MXC_SYS_USN_CHECKSUM_LEN (16) bytes of usn, resulting in a buffer overflow if usn has the minimum size of MXC_SYS_USN_LEN bytes, as stated in the docstring.
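
A guard-byte check that would catch this kind of docstring/implementation mismatch in a unit test, as an added example that is not part of the original issue or the SDK's code. `get_usn_clear16` and `get_usn_clear13` are hypothetical stand-ins that model only the initial clear described above, and the 13-byte variant assumes the intended length is `MXC_SYS_USN_LEN`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Lengths as quoted in the issue; redefined here so the example stands alone. */
#define MXC_SYS_USN_LEN          13
#define MXC_SYS_USN_CHECKSUM_LEN 16

#define GUARD_LEN  8
#define GUARD_BYTE 0xA5

/* Hypothetical stand-ins for the driver: only the initial clear is modelled. */
static void get_usn_clear16(uint8_t *usn) { memset(usn, 0, MXC_SYS_USN_CHECKSUM_LEN); }
static void get_usn_clear13(uint8_t *usn) { memset(usn, 0, MXC_SYS_USN_LEN); }

/*
 * Hand `fn` a buffer of exactly MXC_SYS_USN_LEN bytes carved out of a larger
 * arena, with guard bytes on both sides. Returns how many guard bytes were
 * modified, i.e. bytes written outside the documented minimum size.
 * All writes stay inside `arena`, so the harness itself is well defined.
 */
static size_t guard_bytes_clobbered(void (*fn)(uint8_t *))
{
    uint8_t arena[GUARD_LEN + MXC_SYS_USN_LEN + GUARD_LEN];
    size_t i, clobbered = 0;

    memset(arena, GUARD_BYTE, sizeof arena);
    fn(arena + GUARD_LEN);

    for (i = 0; i < GUARD_LEN; i++) {
        if (arena[i] != GUARD_BYTE)
            clobbered++;                               /* write before the buffer */
        if (arena[GUARD_LEN + MXC_SYS_USN_LEN + i] != GUARD_BYTE)
            clobbered++;                               /* write past the buffer */
    }
    return clobbered;
}

int main(void)
{
    printf("clear 16 bytes: %zu guard bytes overwritten\n",
           guard_bytes_clobbered(get_usn_clear16));
    printf("clear 13 bytes: %zu guard bytes overwritten\n",
           guard_bytes_clobbered(get_usn_clear13));
    return 0;
}
```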

@Jake-Carter Jake-Carter self-assigned this May 4, 2024
@Jake-Carter Jake-Carter added the bug Something isn't working label May 4, 2024
@Jake-Carter
Contributor

Thanks @pedrofza - you're right, good catch. Just opened a PR to use the correct value.
