From 211cd964d76889e37f40c2052a84fa602af08977 Mon Sep 17 00:00:00 2001
From: Aurora <davidone92@katamail.com>
Date: Sat, 22 Oct 2016 16:57:18 +0200
Subject: [PATCH] Move hexAtoi to strings.c, add bound check to decAtoi

---
 source/crypto.c  |  2 +-
 source/fs.c      |  8 +-------
 source/strings.c | 19 +++++++++++++++++--
 source/strings.h |  3 ++-
 4 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/source/crypto.c b/source/crypto.c
index e228a0e..43120ad 100755
--- a/source/crypto.c
+++ b/source/crypto.c
@@ -505,7 +505,7 @@ void kernel9Loader(Arm9Bin *arm9Section)
 
         //Decrypt ARM9 binary
         aes_use_keyslot(arm9BinSlot);
-        aes(startOfArm9Bin, startOfArm9Bin, decAtoi(arm9Section->size) / AES_BLOCK_SIZE, arm9BinCtr, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
+        aes(startOfArm9Bin, startOfArm9Bin, decAtoi(arm9Section->size, sizeof(arm9Section->size)) / AES_BLOCK_SIZE, arm9BinCtr, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
 
         if(*startOfArm9Bin != 0x47704770 && *startOfArm9Bin != 0xB0862000) error("Failed to decrypt the ARM9 binary.");
     }
diff --git a/source/fs.c b/source/fs.c
index 6ed6c9c..ea1bfa8 100644
--- a/source/fs.c
+++ b/source/fs.c
@@ -202,13 +202,7 @@ u32 firmRead(void *dest, u32 firmType)
             //Not a cxi
             if(info.fname[9] != 'a' || strlen(info.fname) != 12) continue;
 
-            //Convert the .app name to an integer
-            u32 tempVersion = 0;
-            for(char *tmp = info.altname; *tmp != '.'; tmp++)
-            {
-                tempVersion <<= 4;
-                tempVersion += *tmp > '9' ? *tmp - 'A' + 10 : *tmp - '0';
-            }
+            u32 tempVersion = hexAtoi(info.altname, 8);
 
             //Found an older cxi
             if(tempVersion < firmVersion) firmVersion = tempVersion;
diff --git a/source/strings.c b/source/strings.c
index c581877..bb704bf 100644
--- a/source/strings.c
+++ b/source/strings.c
@@ -79,11 +79,26 @@ void decItoa(u32 number, char *out, u32 digits)
     out[digits - 1] = '0' + number;
 }
 
-u32 decAtoi(const char *in)
+u32 hexAtoi(const char *in, u32 digits)
 {
     u32 res = 0;
+    char *tmp = (char *)in;
 
-    for(char *tmp = (char *)in; *tmp != 0; tmp++)
+    for(u32 i = 0; i < digits && *tmp != 0; tmp++, i++)
+    {
+        res <<= 4;
+        res += *tmp > '9' ? *tmp - 'A' + 10 : *tmp - '0';
+    }
+
+    return res;
+}
+
+u32 decAtoi(const char *in, u32 digits)
+{
+    u32 res = 0;
+    char *tmp = (char *)in;
+
+    for(u32 i = 0; i < digits && *tmp != 0; tmp++, i++)
         res = *tmp - '0' + res * 10;
 
     return res;
diff --git a/source/strings.h b/source/strings.h
index 3dbd67a..5a09378 100644
--- a/source/strings.h
+++ b/source/strings.h
@@ -28,4 +28,5 @@ u32 strlen(const char *string);
 void concatenateStrings(char *destination, const char *source);
 void hexItoa(u32 number, char *out, u32 digits, bool fillString);
 void decItoa(u32 number, char *out, u32 digits);
-u32 decAtoi(const char *in);
\ No newline at end of file
+u32 hexAtoi(const char *in, u32 digits);
+u32 decAtoi(const char *in, u32 digits);
\ No newline at end of file