Fix bounds on update ef.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2026-04-27 09:07:42 +02:00 · 2026-03-18 17:42:25 +01:00
parent 3af776ec26
commit 1f96fe619b
1 changed files with 3 additions and 3 deletions
--- a/src/hsm/cmd_update_ef.c
+++ b/src/hsm/cmd_update_ef.c
@@ -84,12 +84,12 @@ int cmd_update_ef(void) {
            if (!file_has_data(ef)) {
                return SW_DATA_INVALID();
            }
-            if (offset + data_len > file_get_size(ef)) {
+            if (offset + data_len > 4032) {
                return SW_WRONG_LENGTH();
            }

-            uint8_t *data_merge = (uint8_t *) calloc(1, offset + data_len);
-            memcpy(data_merge, file_get_data(ef), offset);
+            uint8_t *data_merge = (uint8_t *) calloc(1, MAX(offset + data_len, file_get_size(ef)));
+            memcpy(data_merge, file_get_data(ef), file_get_size(ef));
            memcpy(data_merge + offset, data, data_len);
            int r = file_put_data(ef, data_merge, offset + data_len);
            free(data_merge);