Buffer overflow in MXC_SYS_GetUSN / sys_me15.c

[pedrofza]

Board

• Max32670

Files:

• MaximSDK\Libraries\PeriphDrivers\Source\SYS\sys_me15.c
• MaximSDK\Libraries\PeriphDrivers\Include\MAX32670\mxc_sys.h

Affected versions that I checked:

• February 2024 Release
• main branch

The docstring for MXC_SYS_GetUSN states that the parameter usn must be at least MXC_SYS_USN_LEN (13) bytes long.

However, it looks like the implementation in sys_me15.c will unconditionally memset the first MXC_SYS_USN_CHECKSUM_LEN (16) bytes of usn, resulting in a buffer overflow if usn has the minimum size of MXC_SYS_USN_LEN bytes, as stated in the docstring.