From 64767e244db7ae0c639cd63cf0db43e4a00cd9b0 Mon Sep 17 00:00:00 2001 From: Alessandro Ranellucci Date: Wed, 15 Aug 2018 18:54:32 +0200 Subject: [PATCH] Prevent calling inDataExchange() with a too long responseLength --- Adafruit_PN532.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Adafruit_PN532.cpp b/Adafruit_PN532.cpp index d8f5194..bc291be 100644 --- a/Adafruit_PN532.cpp +++ b/Adafruit_PN532.cpp @@ -650,6 +650,12 @@ bool Adafruit_PN532::inDataExchange(uint8_t * send, uint8_t sendLength, uint8_t #endif return false; } + if (*responseLength > PN532_PACKBUFFSIZ) { + #ifdef PN532DEBUG + PN532DEBUGPRINT.println(F("responseLength too long for packet buffer")); + #endif + return false; + } uint8_t i; pn532_packetbuffer[0] = 0x40; // PN532_COMMAND_INDATAEXCHANGE;