From 0655b6389e78fb6b1d89c6814bff5a7e2162b58c Mon Sep 17 00:00:00 2001
From: Jakub Kramarz <lenwe@lenwe.net>
Date: Thu, 8 May 2025 23:52:01 +0200
Subject: [PATCH] cmdhfseos: fix stack buffer overflow in select_DF_verify

increased CMAC buffer size, otherwise memset in aes_cmac writes 16-bytes to 8-byte buffer
---
 client/src/cmdhfseos.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/src/cmdhfseos.c b/client/src/cmdhfseos.c
index 6956f2f2c..a4dfbc2ac 100644
--- a/client/src/cmdhfseos.c
+++ b/client/src/cmdhfseos.c
@@ -562,7 +562,7 @@ static int select_DF_verify(uint8_t *response, uint8_t response_length, uint8_t
     }
 
     // ----------------- MAC Key Generation -----------------
-    uint8_t cmac[8];
+    uint8_t cmac[16];
     uint8_t MAC_key[24] = {0x00};
     memcpy(MAC_key, keys[key_index].privMacKey, 16);
     create_cmac(MAC_key, input, cmac, sizeof(input), encryption_algorithm);