Commit 5757fafe authored by Romuald Conty's avatar Romuald Conty

acr122_usb: check if received frame is long enough (Touchatag)

This prevents from potential out-of-memory read.
parent 27c43e8b
......@@ -631,6 +631,11 @@ read:
goto read;
}
}
if (res < 12) {
log_put(LOG_GROUP, LOG_CATEGORY, NFC_LOG_PRIORITY_ERROR, "%s", "Invalid RDR_to_PC_DataBlock frame");
pnd->last_error = NFC_EIO;
return pnd->last_error;
}
if (abtRxBuf[offset] != attempted_response) {
log_put(LOG_GROUP, LOG_CATEGORY, NFC_LOG_PRIORITY_ERROR, "%s", "Frame header mismatch");
pnd->last_error = NFC_EIO;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment