|
@@ -50,7 +50,7 @@ static int cs378x_recv(struct camd *c, uint8_t *data, int *data_len) {
|
50
|
50
|
c->ops.ident, auth_token, c->cs378x.auth_token);
|
51
|
51
|
}
|
52
|
52
|
|
53
|
|
- *data_len = 256;
|
|
53
|
+ *data_len = CAMD35_DATA_SIZE;
|
54
|
54
|
for (i = 0; i < *data_len; i += 16) { // Read and decrypt payload
|
55
|
55
|
fdread(c->server_fd, (char *)data + i, 16);
|
56
|
56
|
AES_decrypt(data + i, data + i, &c->cs378x.aes_decrypt_key);
|
|
@@ -96,9 +96,14 @@ static void cs378x_buf_init(struct camd *c, uint8_t *data, int data_len) {
|
96
|
96
|
}
|
97
|
97
|
|
98
|
98
|
static int cs378x_do_ecm(struct camd *c, struct camd_msg *msg) {
|
|
99
|
+ if (msg->data_len > CAMD35_DATA_SIZE) {
|
|
100
|
+ ts_LOGf("ERR | [%s] Data too long.\n", c->ops.ident);
|
|
101
|
+ return 0; // false
|
|
102
|
+ }
|
|
103
|
+
|
99
|
104
|
int to_send = boundary(4, CAMD35_HDR_LEN + msg->data_len);
|
100
|
105
|
|
101
|
|
- cs378x_buf_init(c, msg->data, (int)msg->data_len);
|
|
106
|
+ cs378x_buf_init(c, msg->data, msg->data_len);
|
102
|
107
|
|
103
|
108
|
c->cs378x.msg_id++;
|
104
|
109
|
|