i += (k * 2);
+ IF_TRUE_RETURN((i >= outBufferSize), TADC_PARAMETER_ERROR);
+
outBuffer[i] = 0;
StrSize = i - reqdataset_size;
}
int TADC_GetResponseRO(unsigned char *inBuffer, T_ROACQ_INFO *t_ROAcqInfo,
- T_RO *t_RO, unsigned char *outBuffer)
+ T_RO *t_RO, unsigned char *outBuffer, unsigned int outBufferLen)
{
int nHMacSize = 28; // Base64 Enc length of SHA1 20byte
TADC_U8 sha1_tmp[20] = {0, };
IF_TRUE_RETURN(t_RO == NULL, TADC_PARAMETER_ERROR);
nSize = TADC_IF_StrLen((char *)inBuffer);
- IF_TRUE_RETURN(nSize <= 40 || nSize > RESP_MAXSIZE, TADC_PARAMETER_ERROR);
+ IF_TRUE_RETURN(nSize <= 40 || nSize > RESP_MAXSIZE || nSize >= (int)outBufferLen, TADC_PARAMETER_ERROR);
IF_TRUE_RETURN(t_ROAcqInfo->t_DHInfo.pSize <= 0 ||
t_ROAcqInfo->t_DHInfo.pSize > DHKey_SIZE, TADC_PARAMETER_ERROR);
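Review bot: The added bound `nSize >= (int)outBufferLen` in TADC_GetResponseRO converts the unsigned length to int, so a caller passing a value above INT_MAX gets an implementation-defined (typically negative) result and every request is rejected; this fails closed, but the conversion is avoidable. Because the first operand already guarantees nSize > 40 by the time this operand is evaluated, the comparison can stay unsigned: `(unsigned int)nSize >= outBufferLen`. The visible lines do not show how many bytes are later written to outBuffer relative to nSize, so a short comment stating that relation next to the check would let a reader confirm the bound is sufficient. The function body continues outside the visible lines.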