From 6a42b424f4abe5a447b46b4be95b36817b237627 Mon Sep 17 00:00:00 2001
From: leslie
Date: Sat, 5 Jan 2008 11:52:46 +0100
Subject: [PATCH] nagra 0501: additional checks in Bx processing
---
 systems/nagra/nagra2-0501.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/systems/nagra/nagra2-0501.c b/systems/nagra/nagra2-0501.c
index 04a0d78..ea76949 100644
--- a/systems/nagra/nagra2-0501.c
+++ b/systems/nagra/nagra2-0501.c
@@ -206,6 +206,14 @@ void cN2Prov0501::AddRomCallbacks(void)
 
 int cN2Prov0501::ProcessBx(unsigned char *data, int len, int pos)
 {
+ if(data[pos-1]!=0xBA) {
+ PRINTF(L_SYS_EMU,"%04X: bad nano %02X for ROM 120",id,data[pos-1]);
+ return -1;
+ }
+ if(pos!=(0x93-0x80)) { // maybe exploitable
+ PRINTF(L_SYS_EMU,"%04X: refuse to execute from %04x",id,0x80+pos);
+ return -1;
+ }
 if(Init(id,120)) {
 SetMem(0x80,data,len);
 SetPc(0x80+pos);
-- 
2.39.5
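Review bot: The first added check reads `data[pos-1]` before anything has established that `pos` is at least 1 and no larger than `len`, so a call with `pos` of 0 or a value past the buffer makes the guard itself read out of bounds. Since the second check already pins `pos` to `0x93-0x80`, it should run first and also cover the length, for example `if(pos!=(0x93-0x80) || len<pos) {`, with the nano comparison placed after it. The `// maybe exploitable` comment would help the next reader more if it stated the reason, e.g. `// data is copied to 0x80 and run from 0x80+pos, so only the known entry offset is accepted`. `len` is still passed unchecked to `SetMem(0x80,data,len)`; whether that call bounds it is not visible here, and the body of ProcessBx continues past the end of the hunk.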