Out-of-Bounds reads on TM/TC/AOS Frames

Question

Out-of-Bounds reads on TM/TC/AOS Frames

Donnie-Ice opened this issue a month ago · 0 comments

It is possible to get a seg fault by first passing an invalid index to sa_if->sa_get_from_spi(spi, &sa_ptr), then dereferencing the pointer in the // Determine SA Service Type code blocks in crypto_aos.c, crypto_tc.c, and crypto_tm.c.

To fix this, check if the SPI is within the SA array length before retrieving the SA pointer in get_sa_from_spi()