bad memcpy based on size

This commit is contained in:
iceman1001 2020-10-06 23:45:04 +02:00
commit 02df6ebbf7

View file

@ -816,14 +816,16 @@ int mfEmlSetMem_xt(uint8_t *data, int blockNum, int blocksCount, int blockBtWidt
return PM3_ESOFT; return PM3_ESOFT;
} }
struct p *payload = calloc(1, sizeof(struct p) + size); size_t paylen = sizeof(struct p) + size;
struct p *payload = calloc(1, paylen);
payload->blockno = blockNum; payload->blockno = blockNum;
payload->blockcnt = blocksCount; payload->blockcnt = blocksCount;
payload->blockwidth = blockBtWidth; payload->blockwidth = blockBtWidth;
memcpy(payload->data, data, size); memcpy(payload->data, data, size);
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_HF_MIFARE_EML_MEMSET, (uint8_t *)payload, sizeof(payload) + size); SendCommandNG(CMD_HF_MIFARE_EML_MEMSET, (uint8_t *)payload, paylen);
free(payload); free(payload);
return PM3_SUCCESS; return PM3_SUCCESS;
} }