gitbot/qmk_firmware
0
0
Fork 0
mirror of https://github.com/qmk/qmk_firmware.git synced 2024-11-26 21:26:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
d86f65941c
qmk_firmware/quantum/xap
History
Stefan Kerkmann 1983421b7d
XAP: prevent OOB reads in config blob handler (#18926) 
This fixes two bugs:

1. An invalid offset could be specified which wasn't checked to be in
   the bounds of the config blob.
2. The data_len check was incorrect as it would allow reading one byte
   past the config blob lenght.

Before the changes the following operation wouldn't fail:

Assuming we have blob of 64 bytes size and attempt a read with an
offset of 32 and data_len of 32, we actually try to read 32 bytes
starting from the 33. byte in the config blob. This reads exactly
one byte past array. Therefore we have to subtract one byte the get
the correct length.
2022-11-01 15:54:56 +00:00
..
lighting_map.h Dump lighting maps out of inline gen 2022-10-16 23:55:44 +01:00
xap_handlers.c XAP: prevent OOB reads in config blob handler (#18926) 2022-11-01 15:54:56 +00:00
xap.c XAP: prevent OOB reads in config blob handler (#18926) 2022-11-01 15:54:56 +00:00
xap.h bind xap_broadcast_secure_status to secure_hook_quantum 2022-05-22 22:47:50 +01:00