diff --git a/src/hsm/cmd_update_ef.c b/src/hsm/cmd_update_ef.c
index 0508429..978af62 100644
--- a/src/hsm/cmd_update_ef.c
+++ b/src/hsm/cmd_update_ef.c
@@ -84,12 +84,12 @@ int cmd_update_ef(void) {
             if (!file_has_data(ef)) {
                 return SW_DATA_INVALID();
             }
-            if (offset + data_len > file_get_size(ef)) {
+            if (offset + data_len > 4032) {
                 return SW_WRONG_LENGTH();
             }
 
-            uint8_t *data_merge = (uint8_t *) calloc(1, offset + data_len);
-            memcpy(data_merge, file_get_data(ef), offset);
+            uint8_t *data_merge = (uint8_t *) calloc(1, MAX(offset + data_len, file_get_size(ef)));
+            memcpy(data_merge, file_get_data(ef), file_get_size(ef));
             memcpy(data_merge + offset, data, data_len);
             int r = file_put_data(ef, data_merge, offset + data_len);
             free(data_merge);