From: leslie <unknown>
Date: Sat, 5 Jan 2008 10:52:46 +0000 (+0100)
Subject: nagra 0501: additional checks in Bx processing
X-Git-Tag: 0.8.7~12
X-Git-Url: http://www.vanbest.org/gitweb/?a=commitdiff_plain;h=6a42b424f4abe5a447b46b4be95b36817b237627;p=sasc-ng.git

nagra 0501: additional checks in Bx processing
---

diff --git a/systems/nagra/nagra2-0501.c b/systems/nagra/nagra2-0501.c
index 04a0d78..ea76949 100644
--- a/systems/nagra/nagra2-0501.c
+++ b/systems/nagra/nagra2-0501.c
@@ -206,6 +206,14 @@ void cN2Prov0501::AddRomCallbacks(void)
 
 int cN2Prov0501::ProcessBx(unsigned char *data, int len, int pos)
 {
+  if(data[pos-1]!=0xBA) {
+    PRINTF(L_SYS_EMU,"%04X: bad nano %02X for ROM 120",id,data[pos-1]);
+    return -1;
+    }
+  if(pos!=(0x93-0x80)) { // maybe exploitable
+    PRINTF(L_SYS_EMU,"%04X: refuse to execute from %04x",id,0x80+pos);
+    return -1;
+    }
   if(Init(id,120)) {
     SetMem(0x80,data,len);
     SetPc(0x80+pos);
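Review bot: The first added check reads `data[pos-1]` before `pos` has been validated, so a `pos` of 0 or one larger than `len` indexes outside the buffer before the second check can reject it. Put the position check first and bound it by the length, e.g. `if(pos!=(0x93-0x80) || len<=pos) {`, and only then test `data[pos-1]!=0xBA`. `len` also goes unchecked into `SetMem(0x80,data,len)`; whether SetMem clamps it is not visible here, so an upper bound on `len` should be confirmed. The `// maybe exploitable` comment would serve the next reader better if it gave the reason, for instance `// only the known entry offset is accepted; data is loaded into emulator memory and executed`. ProcessBx's body continues past the end of the hunk.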