stefaandesmet2003 / stlinkswim

Overflow possible from bad usb msg #5

Open schneidersoft opened 1 year ago

schneidersoft commented 1 year ago

https://github.com/stefaandesmet2003/stlinkswim/blob/80e039d1fadfcaa6bac2437eb2b26763f74b312e/src/main.c#L359C61-L359C61

      // we already received STLINK_SWIM_WRITEMEM, but expect more bytes to write
      memcpy(swimBuffer+stlinkStatus.curBytes,epBuffer,len);

It is possible to cause a buffer overflow simply by sending a write command followed by more data, where the data is more than SWIM_BUFFERSIZE.

stefaandesmet2003 commented 1 year ago

stm8flash and openocd respect the SWIM_BUFFERSIZE from the original stlink. This repo is proof of concept code - feel free to improve. You could try to figure out how stlink responds when more than SWIM_BUFFERSIZE bytes are sent, and implement the same behaviour here.
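Added example (not the project's code): a bounds-checked version of the data-stage copy this issue is about, written in C against the names the issue quotes (swimBuffer, stlinkStatus.curBytes, epBuffer, len, SWIM_BUFFERSIZE, STLINK_SWIM_WRITEMEM). The buffer and packet sizes, the writePending and totBytes fields, the result enum and every function name are assumptions made for illustration. It validates the announced length when the write command arrives and the accumulated length on every packet, so neither one oversized packet nor a run of small ones can write past swimBuffer, and packets that arrive after the payload is complete are ignored rather than copied.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for this example only; the issue does not state the
   firmware's real SWIM_BUFFERSIZE or USB endpoint packet size. */
#define SWIM_BUFFERSIZE 64u
#define EP_PACKETSIZE   64u

/* Stand-in for the firmware's stlinkStatus. Only curBytes is quoted in the
   issue; writePending and totBytes are hypothetical fields. */
typedef struct {
    bool   writePending;  /* STLINK_SWIM_WRITEMEM seen, payload still arriving */
    size_t totBytes;      /* payload length announced by the command */
    size_t curBytes;      /* payload bytes copied into swimBuffer so far */
} stlink_status_t;

typedef enum {
    SWIM_RX_IGNORED,   /* no write in progress; packet not consumed */
    SWIM_RX_MORE,      /* packet accepted, more payload expected */
    SWIM_RX_COMPLETE,  /* packet accepted, payload now complete */
    SWIM_RX_OVERFLOW   /* packet rejected: it would run past swimBuffer */
} swim_rx_result_t;

static uint8_t swimBuffer[SWIM_BUFFERSIZE];

/* Command stage: refuse a WRITEMEM whose announced length cannot fit.
   Returns false and leaves no write pending when totBytes is unusable. */
static bool swim_writemem_begin(stlink_status_t *st, size_t totBytes)
{
    st->curBytes = 0;
    st->writePending = false;
    if (totBytes == 0 || totBytes > SWIM_BUFFERSIZE)
        return false;
    st->totBytes = totBytes;
    st->writePending = true;
    return true;
}

/* Data stage: hardened replacement for the unchecked
   memcpy(swimBuffer + stlinkStatus.curBytes, epBuffer, len) at main.c:359.
   The remaining room is computed by subtraction so the check cannot wrap
   for any value of len. */
static swim_rx_result_t swim_writemem_rx(stlink_status_t *st,
                                         const uint8_t *epBuffer, size_t len)
{
    if (!st->writePending)
        return SWIM_RX_IGNORED;
    /* Both the announced total and the physical buffer bound the copy. */
    size_t limit = st->totBytes < SWIM_BUFFERSIZE ? st->totBytes : SWIM_BUFFERSIZE;
    if (st->curBytes > limit || limit - st->curBytes < len) {
        st->curBytes = 0;            /* abort the pending write, drop the packet */
        st->writePending = false;
        return SWIM_RX_OVERFLOW;
    }
    memcpy(swimBuffer + st->curBytes, epBuffer, len);
    st->curBytes += len;
    if (st->curBytes == st->totBytes) {
        st->writePending = false;    /* caller performs the actual SWIM write */
        return SWIM_RX_COMPLETE;
    }
    return SWIM_RX_MORE;
}

/* Constructed packet sequences (lengths of successive endpoint packets). */
static const size_t kPktsInBounds[] = {32, 32};   /* 64 bytes into a 64-byte buffer */
static const size_t kPktsOverflow[] = {32, 40};   /* 72 bytes into a 64-byte buffer */
static const size_t kPktsTrailing[] = {8, 8, 8};  /* 16 announced; third packet is surplus */

/* Drive the state machine: host announces `announced` bytes, then sends
   packets of the given lengths. Returns the last result and, via
   *finalBytes, how many bytes ended up accepted into swimBuffer. */
static swim_rx_result_t simulate_writemem(size_t announced,
                                          const size_t *lens, size_t n,
                                          size_t *finalBytes)
{
    stlink_status_t st;
    uint8_t epBuffer[EP_PACKETSIZE];
    memset(epBuffer, 0xA5, sizeof epBuffer);   /* constructed payload bytes */
    swim_rx_result_t r = swim_writemem_begin(&st, announced)
                         ? SWIM_RX_MORE : SWIM_RX_OVERFLOW;
    for (size_t i = 0; i < n && r != SWIM_RX_OVERFLOW; i++) {
        size_t len = lens[i] > EP_PACKETSIZE ? EP_PACKETSIZE : lens[i];
        r = swim_writemem_rx(&st, epBuffer, len);
    }
    if (finalBytes)
        *finalBytes = st.curBytes;
    return r;
}

int main(void)
{
    size_t kept = 0;
    swim_rx_result_t r = simulate_writemem(64, kPktsOverflow, 2, &kept);
    printf("oversized stream: result=%d bytes kept=%zu\n", (int)r, kept);
    return 0;
}
```

The two-stage check matters because the overflow in the issue does not need a single large packet: a host that announces a legal length and then keeps sending fits inside SWIM_BUFFERSIZE on every individual packet, so only the running curBytes total can catch it. Resetting curBytes and clearing writePending on rejection also means a rejected stream cannot leave the state machine half-way through a write for the next command to inherit.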