From 15baea1e44c2c23cf498398261cd4baea822ac9d Mon Sep 17 00:00:00 2001 From: yellows8 Date: Tue, 10 Dec 2019 12:14:23 -0500 Subject: [PATCH] Fixed bounds-check in netloader loadnro cmd-line args validation. --- common/netloader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/netloader.c b/common/netloader.c index cff37ca..1464c24 100644 --- a/common/netloader.c +++ b/common/netloader.c @@ -477,7 +477,7 @@ int loadnro(menuEntry_s *me, int sock, struct in_addr remote) { } if (response == 0 ) { - if (netloaded_cmdlen > sizeof(me->args.buf)-1) netloaded_cmdlen = sizeof(me->args.buf)-1; + if ((me->args.dst+netloaded_cmdlen) >= (char*)(me->args.buf + sizeof(me->args.buf))) netloaded_cmdlen = (uintptr_t)me->args.buf + sizeof(me->args.buf)-1 - (uintptr_t)me->args.dst; len = recvall(sock,me->args.dst, netloaded_cmdlen,0);