Overflow possible from bad usb msg #5

Open
schneidersoft opened this issue Aug 6, 2023 · 1 comment

Comments

@schneidersoft

https://github.com/stefaandesmet2003/stlinkswim/blob/80e039d1fadfcaa6bac2437eb2b26763f74b312e/src/main.c#L359C61-L359C61

      // we already received STLINK_SWIM_WRITEMEM, but expect more bytes to write
      memcpy(swimBuffer+stlinkStatus.curBytes,epBuffer,len);

It is possible to cause a buffer overflow simply by sending a write command followed by more data, where the data is more than SWIM_BUFFERSIZE.

@stefaandesmet2003
Owner

stm8flash and openocd respect the SWIM_BUFFERSIZE from the original stlink
this repo is proof of concept code - feel free to improve
you could try to figure out how stlink responds when more than SWIM_BUFFERSIZE bytes are sent, and implement the same behaviour here.
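
One way to bound the continuation copy quoted in the issue, as an added example that is not code from the stlinkswim repository. The value of `SWIM_BUFFERSIZE`, the `totalBytes` field and the helpers `swim_write_begin` and `swim_write_append` are assumptions, and dropping the transfer on an oversized packet is an assumed policy, not the original ST-Link's behaviour.

```c
#include <stdint.h>
#include <string.h>

/* Constructed value for this example; the real size is defined in the repo. */
#define SWIM_BUFFERSIZE 64u

static uint8_t swimBuffer[SWIM_BUFFERSIZE];
static struct {
    uint16_t curBytes;   /* bytes already stored in swimBuffer (name from the issue) */
    uint16_t totalBytes; /* hypothetical: length announced by the write command */
} stlinkStatus;

/* Hypothetical helper: accept a write command only if the announced length fits. */
int swim_write_begin(uint16_t total)
{
    if (total > SWIM_BUFFERSIZE)
        return -1;
    stlinkStatus.curBytes = 0;
    stlinkStatus.totalBytes = total;
    return 0;
}

/* Hypothetical helper: bounded form of the memcpy on continuation packets.
   Returns 0 when stored, -1 when len exceeds the room left in the transfer. */
int swim_write_append(const uint8_t *epBuffer, uint16_t len)
{
    uint16_t limit = stlinkStatus.totalBytes;
    if (limit > SWIM_BUFFERSIZE)
        limit = SWIM_BUFFERSIZE;
    /* Compare len against the remaining room so curBytes + len cannot wrap. */
    if (stlinkStatus.curBytes > limit || len > limit - stlinkStatus.curBytes) {
        stlinkStatus.curBytes = 0;   /* assumed policy: abandon the transfer */
        stlinkStatus.totalBytes = 0;
        return -1;
    }
    memcpy(swimBuffer + stlinkStatus.curBytes, epBuffer, len);
    stlinkStatus.curBytes = (uint16_t)(stlinkStatus.curBytes + len);
    return 0;
}

int main(void)
{
    uint8_t pkt[32] = {0};                   /* constructed USB payload */
    swim_write_begin(40);                    /* host announces 40 bytes */
    int first = swim_write_append(pkt, 32);  /* fits: 32 <= 40 */
    int second = swim_write_append(pkt, 32); /* rejected: 64 > 40 */
    return (first == 0 && second == -1) ? 0 : 1;
}
```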
