ch552: Fix FIDO data copy

Fix potential out of bounds write.
Jonas Thörnblad 2025-05-06 12:53:12 +02:00
parent ec9ef31140
commit 14e4cd09c9
No known key found for this signature in database
GPG key ID: 2D318AD00A326F95


@ -1687,18 +1687,19 @@ void main()
// Copy FIDO data from UartRxBuf to FrameBuf // Copy FIDO data from UartRxBuf to FrameBuf
if (FrameStarted && !FrameDiscard && !FidoDataAvailable) { if (FrameStarted && !FrameDiscard && !FidoDataAvailable) {
if (FrameMode == IO_FIDO) { if (FrameMode == IO_FIDO) {
// Check if a complete frame has been received if ((FrameRemainingBytes >= MAX_FRAME_SIZE) &&
if (UartRxBufByteCount >= FrameRemainingBytes) { (UartRxBufByteCount >= MAX_FRAME_SIZE)) {
circular_copy(FrameBuf, circular_copy(FrameBuf,
UartRxBuf, UartRxBuf,
UART_RX_BUF_SIZE, UART_RX_BUF_SIZE,
UartRxBufOutputPointer, UartRxBufOutputPointer,
FrameRemainingBytes); MAX_FRAME_SIZE);
FrameBufLength = MAX_FRAME_SIZE; FrameBufLength = MAX_FRAME_SIZE;
// Update output pointer // Update output pointer
UartRxBufOutputPointer = increment_pointer(UartRxBufOutputPointer, UartRxBufOutputPointer = increment_pointer(UartRxBufOutputPointer,
FrameRemainingBytes, MAX_FRAME_SIZE,
UART_RX_BUF_SIZE); UART_RX_BUF_SIZE);
FrameRemainingBytes -= MAX_FRAME_SIZE;
FidoDataAvailable = 1; FidoDataAvailable = 1;
cts_start(); cts_start();
} }
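Review bot: The new guard `(FrameRemainingBytes >= MAX_FRAME_SIZE) && (UartRxBufByteCount >= MAX_FRAME_SIZE)` bounds the copy, but a FIDO frame whose declared length is not exactly MAX_FRAME_SIZE has no visible handling in this hunk. A shorter length never satisfies the condition, and a longer one leaves a remainder after `FrameRemainingBytes -= MAX_FRAME_SIZE;` that can never satisfy it again, so the receiver may stay stuck with FrameStarted set unless code outside the hunk resets it. Consider rejecting the length where the header is parsed, or adding an explicit branch such as `else if (FrameRemainingBytes < MAX_FRAME_SIZE) { FrameDiscard = 1; }`, assuming FrameDiscard is how the rest of main() drops a frame. The removed comment could also be replaced with one stating the invariant, e.g. `// FIDO frames are fixed-size: copy exactly MAX_FRAME_SIZE bytes, never the header-supplied length`. main() begins and continues outside the hunk, so the header parsing and any later update of UartRxBufByteCount are not visible here.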