arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 23:48:12 +00:00
Code Issues Releases Wiki Activity

Clean-up. Better checks for buffer overflow.

Browse Source
This commit is contained in:
Jochen Hoenicke 2016-04-27 13:37:45 +02:00
parent 5c13e78deb
commit 2abe5d477e
1 changed files with 18 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
firmware/u2f.c
View File

@ -168,26 +168,34 @@ void u2fhid_read(const U2FHID_FRAME *f)
cmd = f->type;
memcpy(buf_ptr, f->init.data, sizeof(f->init.data));
buf_ptr += sizeof(f->init.data);
// Broadcast is reserved for init
if (cid == CID_BROADCAST && cmd != U2FHID_INIT)
return;
// Check length isnt bigger than spec max
if (len > sizeof(buf)) {
len = 0;
return send_u2fhid_error(ERR_INVALID_LEN);
}
}
else {
// Broadcast is reserved for init
if (cid == CID_BROADCAST)
return;
// check out of bounds
if ((buf_ptr - buf) >= (signed) len
|| (buf_ptr + sizeof(f->cont.data) - buf) > (signed) sizeof(buf))
return;
if (f->cont.seq == seq) {
seq++;
memcpy(buf_ptr, f->cont.data, sizeof(f->cont.data));
buf_ptr += sizeof(f->cont.data);
}
else {
} else {
return send_u2fhid_error(ERR_INVALID_SEQ);
}
}
// Broadcast is reserved for init
if (cid == CID_BROADCAST && cmd != U2FHID_INIT)
return;
// Check length isnt bigger than spec max
if (len > sizeof(buf))
return send_u2fhid_error(ERR_INVALID_LEN);
// Do we need to wait for more data
if ((buf_ptr - buf) < (signed)len) {
// debugLog(0, "", "u2fhid_read wait");
@ -202,18 +210,12 @@ void u2fhid_read(const U2FHID_FRAME *f)
case U2FHID_MSG:
u2fhid_msg((APDU *)buf, len);
break;
case U2FHID_LOCK:
u2fhid_lock(buf, len);
break;
case U2FHID_INIT:
u2fhid_init((const U2FHID_INIT_REQ *)buf);
break;
case U2FHID_WINK:
u2fhid_wink(buf, len);
break;
// case U2FHID_SYNC:
// u2fhid_sync(buf, len);
break;
default:
send_u2fhid_error(ERR_INVALID_CMD);
break;
@ -245,26 +247,6 @@ void u2fhid_wink(const uint8_t *buf, uint32_t len)
queue_u2f_pkt(&f);
}
void u2fhid_sync(const uint8_t *buf, uint32_t len)
{
debugLog(0, "", "u2fhid_sync");
(void)buf;
if (len > 0)
return send_u2fhid_error(ERR_INVALID_LEN);
// Abort things.
dialog_timeout = 0;
}
void u2fhid_lock(const uint8_t *buf, uint32_t len)
{
debugLog(0, "", "u2fhid_lock");
(void)buf;
(void)len;
send_u2fhid_error(ERR_INVALID_CMD);
}
void u2fhid_init(const U2FHID_INIT_REQ *init_req)
{
debugLog(0, "", "u2fhid_init");