From 0848d43bc9ba1c6370e39a1c9b3f6cefdc90de26 Mon Sep 17 00:00:00 2001
From: Dmitry Isaenko <developer.su@gmail.com>
Date: Sun, 10 May 2020 20:30:45 +0300
Subject: [PATCH] Add NXDT_FILE_PROPERTIES_MAX_NAME_LENGTH validation

---
 src/main/java/nsusbloader/Utilities/NxdtUsbAbi1.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/main/java/nsusbloader/Utilities/NxdtUsbAbi1.java b/src/main/java/nsusbloader/Utilities/NxdtUsbAbi1.java
index 5244c15..11299a1 100644
--- a/src/main/java/nsusbloader/Utilities/NxdtUsbAbi1.java
+++ b/src/main/java/nsusbloader/Utilities/NxdtUsbAbi1.java
@@ -44,6 +44,7 @@ class NxdtUsbAbi1 {
 
     private static final int NXDT_MAX_COMMAND_SIZE = 0x1000;
     private static final int NXDT_FILE_CHUNK_SIZE = 0x800000;
+    private static final int NXDT_FILE_PROPERTIES_MAX_NAME_LENGTH = 0x300;
 
     private static final byte ABI_VERSION = 1;
     private static final byte[] MAGIC_NXDT = { 0x4e, 0x58, 0x44, 0x54 };
@@ -183,6 +184,12 @@ class NxdtUsbAbi1 {
         final int fileNameLen = getLEint(message, 0x18);
         String filename = new String(message, 0x20, fileNameLen, StandardCharsets.UTF_8);
 
+        if (fileNameLen == 0 || fileNameLen > NXDT_FILE_PROPERTIES_MAX_NAME_LENGTH){
+            writeUsb(USBSTATUS_MALFORMED_REQUEST);
+            logPrinter.print("Invalid filename length!", EMsgType.FAIL);
+            return;
+        }
+
         logPrinter.print("Write request for: '"+filename+"' ("+fileSize+" bytes)", EMsgType.INFO);
         // If RomFs related
         if (isRomFs(filename)) {