From c7067d005723e613b7e1332d8d9fa7ca0f10e602 Mon Sep 17 00:00:00 2001 From: iceman1001 <iceman@iuse.se> Date: Fri, 27 Apr 2018 12:36:53 +0200 Subject: [PATCH] CHG: added extra out-of-bounds check when downloading data from device. --- client/cmdmain.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/client/cmdmain.c b/client/cmdmain.c index c40d52729..cff5d745d 100644 --- a/client/cmdmain.c +++ b/client/cmdmain.c @@ -236,6 +236,11 @@ void UsbCommandReceived(UsbCommand* _ch) { uint32_t len = MIN(c->arg[1], sample_buf_size); //uint32_t tracelen = c->arg[2]; + // extended bounds check. + if ( offset + len > sample_buf_size ) { + PrintAndLogEx(FAILED, "ERROR: Out of bounds when downloading from device, offset %u | len %u | total len %u > sample_buf_size %u", offset, len, offset+len, sample_buf_size); + break; + } //printf("SAMPLE_BUF_SIZE %u | adjusted len %u | offset %u\n", sample_buf_size, len, offset); memcpy( sample_buf + offset, c->d.asBytes, len);