gitbot/qmk_firmware
0
0
Fork 0
mirror of https://github.com/qmk/qmk_firmware.git synced 2025-07-16 12:51:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed missing bounds checks and off-by-one in the DFU bootloader signature bytes (thanks to Reuti)

Browse Source
This commit is contained in:
Dean Camera 2015-11-08 14:48:35 +11:00
parent 4afebc8b70
commit 6b06bc6237
2 changed files with 32 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
Bootloaders/DFU/BootloaderDFU.c
View File

@ -818,18 +818,43 @@ static void ProcessReadCommand(void)
const uint8_t BootloaderInfo[3] = {BOOTLOADER_VERSION, BOOTLOADER_ID_BYTE1, BOOTLOADER_ID_BYTE2}; const uint8_t BootloaderInfo[3] = {BOOTLOADER_VERSION, BOOTLOADER_ID_BYTE1, BOOTLOADER_ID_BYTE2};
const uint8_t SignatureInfo[4] = {0x58, AVR_SIGNATURE_1, AVR_SIGNATURE_2, AVR_SIGNATURE_3}; const uint8_t SignatureInfo[4] = {0x58, AVR_SIGNATURE_1, AVR_SIGNATURE_2, AVR_SIGNATURE_3};
uint8_t DataIndexToRead = SentCommand.Data[1]; uint8_t DataIndexToRead = SentCommand.Data[1];
bool ReadAddressInvalid = false;
if (IS_ONEBYTE_COMMAND(SentCommand.Data, 0x00)) // Read bootloader info if (IS_ONEBYTE_COMMAND(SentCommand.Data, 0x00)) // Read bootloader info
{ {
ResponseByte = BootloaderInfo[DataIndexToRead]; if (DataIndexToRead < 3)
ResponseByte = BootloaderInfo[DataIndexToRead];
else
ReadAddressInvalid = true;
} }
else if (IS_ONEBYTE_COMMAND(SentCommand.Data, 0x01)) // Read signature byte else if (IS_ONEBYTE_COMMAND(SentCommand.Data, 0x01)) // Read signature byte
{ {
if (DataIndexToRead < 0x60) switch (DataIndexToRead)
ResponseByte = SignatureInfo[DataIndexToRead - 0x30]; {
else case 0x30:
ResponseByte = SignatureInfo[DataIndexToRead - 0x60 + 3]; ResponseByte = SignatureInfo[0];
break;
case 0x31:
ResponseByte = SignatureInfo[1];
break;
case 0x60:
ResponseByte = SignatureInfo[2];
break;
case 0x61:
ResponseByte = SignatureInfo[3];
break;
default:
ReadAddressInvalid = true;
break;
}
}
if (ReadAddressInvalid)
{
/* Set the state and status variables to indicate the error */
DFU_State = dfuERROR;
DFU_Status = errADDRESS;
} }
} }

1
LUFA/DoxygenPages/ChangeLog.txt
View File

@ -32,6 +32,7 @@
* - Fixed incorrect signature reported in the CDC/DFU bootloaders for the AT90USB82 (thanks to NicoHood) * - Fixed incorrect signature reported in the CDC/DFU bootloaders for the AT90USB82 (thanks to NicoHood)
* - Fixed broken RNDIS demos on Linux machines whose DHCP hosts require a Lease Time option (thanks to Stefan Hellermann) * - Fixed broken RNDIS demos on Linux machines whose DHCP hosts require a Lease Time option (thanks to Stefan Hellermann)
* - Fixed broken LEDs_Disable() implementation for the Arduino Uno board (thanks to NicoHood) * - Fixed broken LEDs_Disable() implementation for the Arduino Uno board (thanks to NicoHood)
* - Fixed missing bounds checks and off-by-one in the DFU bootloader signature bytes (thanks to Reuti)
* *
* \section Sec_ChangeLog140928 Version 140928 * \section Sec_ChangeLog140928 Version 140928
* <b>New:</b> * <b>New:</b>