rik/libwiiuse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added bounds safety checking

Browse Source
This commit is contained in:
Ryan Pavlik
2012-06-28 17:05:39 -05:00
parent 4d79373428
commit 0de7c661b7
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/classic.c
View File

@@ -49,6 +49,7 @@ static void classic_ctrl_pressed_buttons(struct classic_ctrl_t* cc, short now);
* *
* @return Returns 1 if handshake was successful, 0 if not. * @return Returns 1 if handshake was successful, 0 if not.
*/ */
#define HANDSHAKE_BYTES_USED 12
int classic_ctrl_handshake(struct wiimote_t* wm, struct classic_ctrl_t* cc, byte* data, unsigned short len) { int classic_ctrl_handshake(struct wiimote_t* wm, struct classic_ctrl_t* cc, byte* data, unsigned short len) {
int i; int i;
@@ -58,7 +59,7 @@ int classic_ctrl_handshake(struct wiimote_t* wm, struct classic_ctrl_t* cc, byte
cc->r_shoulder = 0; cc->r_shoulder = 0;
cc->l_shoulder = 0; cc->l_shoulder = 0;
if (data[0] == 0xFF) { if (data[0] == 0xFF || len < HANDSHAKE_BYTES_USED) {
/* /*
* Sometimes the data returned here is not correct. * Sometimes the data returned here is not correct.
* This might happen because the wiimote is lagging * This might happen because the wiimote is lagging
@@ -69,7 +70,7 @@ int classic_ctrl_handshake(struct wiimote_t* wm, struct classic_ctrl_t* cc, byte
* but since the next 16 bytes are the same, just use * but since the next 16 bytes are the same, just use
* those. * those.
*/ */
if (data[16] == 0xFF) { if (len < 17 || len < HANDSHAKE_BYTES_USED + 16 || data[16] == 0xFF) {
/* get the calibration data */ /* get the calibration data */
byte* handshake_buf = (byte *)malloc(EXP_HANDSHAKE_LEN * sizeof(byte)); byte* handshake_buf = (byte *)malloc(EXP_HANDSHAKE_LEN * sizeof(byte));

6
src/nunchuk.c
View File

@@ -48,6 +48,7 @@
* *
* @return Returns 1 if handshake was successful, 0 if not. * @return Returns 1 if handshake was successful, 0 if not.
*/ */
+#define HANDSHAKE_BYTES_USED 14
int nunchuk_handshake(struct wiimote_t* wm, struct nunchuk_t* nc, byte* data, unsigned short len) { int nunchuk_handshake(struct wiimote_t* wm, struct nunchuk_t* nc, byte* data, unsigned short len) {
int i; int i;
@@ -60,8 +61,7 @@ int nunchuk_handshake(struct wiimote_t* wm, struct nunchuk_t* nc, byte* data, un
nc->accel_calib.st_alpha = wm->accel_calib.st_alpha; nc->accel_calib.st_alpha = wm->accel_calib.st_alpha;
/* decrypt data */ /* decrypt data */
if (data[0] == 0xFF || len < HANDSHAKE_BYTES_USED) {
if (data[0] == 0xFF) {
/* /*
* Sometimes the data returned here is not correct. * Sometimes the data returned here is not correct.
* This might happen because the wiimote is lagging * This might happen because the wiimote is lagging
@@ -72,7 +72,7 @@ int nunchuk_handshake(struct wiimote_t* wm, struct nunchuk_t* nc, byte* data, un
* but since the next 16 bytes are the same, just use * but since the next 16 bytes are the same, just use
* those. * those.
*/ */
if (data[16] == 0xFF) { if (len < 17 || len < HANDSHAKE_BYTES_USED + 16 || data[16] == 0xFF) {
/* get the calibration data */ /* get the calibration data */
byte* handshake_buf = (byte *)malloc(EXP_HANDSHAKE_LEN * sizeof(byte)); byte* handshake_buf = (byte *)malloc(EXP_HANDSHAKE_LEN * sizeof(byte));