From: Dean Camera Date: Sat, 19 Jun 2021 07:37:55 +0000 (+1000) Subject: CCID Low Level Demo: Add missing request length check. X-Git-Url: http://git.linex4red.de/pub/lufa.git/commitdiff_plain/d6ba0495901f8c1a23c42699ff06490e83f8aa65 CCID Low Level Demo: Add missing request length check. --- diff --git a/Demos/Device/LowLevel/CCID/CCID.c b/Demos/Device/LowLevel/CCID/CCID.c index a4e83ff8a..c21462df4 100644 --- a/Demos/Device/LowLevel/CCID/CCID.c +++ b/Demos/Device/LowLevel/CCID/CCID.c @@ -563,6 +563,9 @@ void CCID_Task(void) (void)Bwi; (void)LevelParameter; + if (CCIDHeader.Length * sizeof(uint8_t) > sizeof(RequestBuffer)) + break; + Endpoint_Read_Stream_LE(RequestBuffer, CCIDHeader.Length * sizeof(uint8_t), NULL); uint8_t ResponseDataLength = 0; diff --git a/LUFA/Drivers/USB/Class/Device/CCIDClassDevice.c b/LUFA/Drivers/USB/Class/Device/CCIDClassDevice.c index 57d397bdb..d2801280c 100644 --- a/LUFA/Drivers/USB/Class/Device/CCIDClassDevice.c +++ b/LUFA/Drivers/USB/Class/Device/CCIDClassDevice.c @@ -249,7 +249,6 @@ void CCID_Device_USBTask(USB_ClassInfo_CCID_Device_t* const CCIDInterfaceInfo) { if (CCIDHeader.Length * sizeof(uint8_t) == sizeof(USB_CCID_ProtocolData_T0_t)) { - Endpoint_Read_Stream_LE(RequestBuffer, CCIDHeader.Length * sizeof(uint8_t), NULL); Status = CALLBACK_CCID_SetParameters_T0(CCIDInterfaceInfo, CCIDHeader.Slot, &Error, (USB_CCID_ProtocolData_T0_t*) RequestBuffer); if (CCID_CheckStatusNoError(Status))