forksand
/
qmk_firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed missing bounds checks and off-by-one in the DFU bootloader signature bytes (thanks to Reuti)

Browse Source
pull/1469/head
Dean Camera 9 years ago
parent 4afebc8b70
commit 6b06bc6237
2 changed files with 32 additions and 6 deletions
Show Stats Download Patch File Download Diff File

37
Bootloaders/DFU/BootloaderDFU.c
Unescape View File

@ -818,18 +818,43 @@ static void ProcessReadCommand(void)
const uint8_t BootloaderInfo[3] = {BOOTLOADER_VERSION, BOOTLOADER_ID_BYTE1, BOOTLOADER_ID_BYTE2};
const uint8_t SignatureInfo[4] = {0x58, AVR_SIGNATURE_1, AVR_SIGNATURE_2, AVR_SIGNATURE_3};
uint8_t DataIndexToRead = SentCommand.Data[1];
uint8_t DataIndexToRead = SentCommand.Data[1];
bool ReadAddressInvalid = false;
if (IS_ONEBYTE_COMMAND(SentCommand.Data, 0x00)) // Read bootloader info
{
ResponseByte = BootloaderInfo[DataIndexToRead];
if (DataIndexToRead < 3)
ResponseByte = BootloaderInfo[DataIndexToRead];
else
ReadAddressInvalid = true;
}
else if (IS_ONEBYTE_COMMAND(SentCommand.Data, 0x01)) // Read signature byte
{
if (DataIndexToRead < 0x60)
ResponseByte = SignatureInfo[DataIndexToRead - 0x30];
else
ResponseByte = SignatureInfo[DataIndexToRead - 0x60 + 3];
switch (DataIndexToRead)
{
case 0x30:
ResponseByte = SignatureInfo[0];
break;
case 0x31:
ResponseByte = SignatureInfo[1];
break;
case 0x60:
ResponseByte = SignatureInfo[2];
break;
case 0x61:
ResponseByte = SignatureInfo[3];
break;
default:
ReadAddressInvalid = true;
break;
}
}
if (ReadAddressInvalid)
{
/* Set the state and status variables to indicate the error */
DFU_State = dfuERROR;
DFU_Status = errADDRESS;
}
}

1
LUFA/DoxygenPages/ChangeLog.txt
Unescape View File

@ -32,6 +32,7 @@
* - Fixed incorrect signature reported in the CDC/DFU bootloaders for the AT90USB82 (thanks to NicoHood)
* - Fixed broken RNDIS demos on Linux machines whose DHCP hosts require a Lease Time option (thanks to Stefan Hellermann)
* - Fixed broken LEDs_Disable() implementation for the Arduino Uno board (thanks to NicoHood)
* - Fixed missing bounds checks and off-by-one in the DFU bootloader signature bytes (thanks to Reuti)
*
* \section Sec_ChangeLog140928 Version 140928
* <b>New:</b>

Write Preview
Loading…
Cancel
Save