From 36f52312db44a95f8ed4751ee9e5affe2351cefd Mon Sep 17 00:00:00 2001
From: Matthew Kennedy
Date: Thu, 10 Dec 2020 23:36:45 -0800
Subject: [PATCH] bounds check flash writes
---
 firmware/bootloader/bootloader.cpp | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/firmware/bootloader/bootloader.cpp b/firmware/bootloader/bootloader.cpp
index 2abdecf..36bbbfb 100644
--- a/firmware/bootloader/bootloader.cpp
+++ b/firmware/bootloader/bootloader.cpp
@@ -156,6 +156,11 @@ void RunBootloaderLoop()
 {
 sendNak();
 }
+ // Don't allow out of bounds writes
+ else if (embeddedData < 0 || embeddedData > 26 * 1024)
+ {
+ sendNak();
+ }
 else
 {
 Flash::Write(appFlashAddr + embeddedData, &frame.data8[0], frame.DLC);
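Review bot: The upper bound in the added `else if` tests only the start offset, so a frame whose `embeddedData` equals `26 * 1024`, or sits within `frame.DLC` bytes below it, still reaches `Flash::Write` and writes past the limit. The guard should account for the length, written so the sum cannot overflow: `else if (embeddedData < 0 || embeddedData > 26 * 1024 - frame.DLC)`. The declaration of `embeddedData` is outside the hunk; if it is unsigned, the `< 0` test never fires and a wrapped offset is caught only by the upper bound, so the type is worth confirming. The literal `26 * 1024` would read better as a named constant with a comment such as `// Size of the application flash region; keep in sync with the memory layout`, presumably matching the linker script. RunBootloaderLoop's body starts and ends outside the hunk.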