depau/libfprint
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

upekts: Assert correct packet length in __handle_incoming_msg

Browse source 
The surrounding code already checks this and reads the correct amount.
Add an assert to ensure we really never do an out of bounds read.
This commit is contained in:
Benjamin Berg 2020-05-07 20:13:00 +02:00 committed by Benjamin Berg
parent a5cfc1644f
commit 484743f652
1 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
libfprint/drivers/upekts.c
View file

@ -235,12 +235,19 @@ __handle_incoming_msg (FpDevice *device,
{
GError *error = NULL;
guint8 *buf = udata->buffer;
guint16 len = ((buf[5] & 0xf) << 8) | buf[6];
guint16 computed_crc = udf_crc (buf + 4, len + 3);
guint16 msg_crc = (buf[len + 8] << 8) | buf[len + 7];
guint16 len;
guint16 computed_crc;
guint16 msg_crc;
unsigned char *retdata = NULL;
unsigned char code_a, code_b;
g_assert (udata->buflen >= 6);
len = ((buf[5] & 0xf) << 8) | buf[6];
g_assert (udata->buflen >= len + 9);
computed_crc = udf_crc (buf + 4, len + 3);
msg_crc = (buf[len + 8] << 8) | buf[len + 7];
if (computed_crc != msg_crc)
{
fp_err ("CRC failed, got %04x expected %04x", msg_crc, computed_crc);