github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-14 10:37:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix a bunch of potential buffer overruns with CLIGetStrWithReturn :

Browse source 
Most prominent one was "lf pac clone --cn 123456789" causing garbage on the terminal
Some changed code was valid before but as ppl tend to copy-paste to new code,
better to uniformize and document usages of CLIGetStrWithReturn.

Exceptions left are when filling real buffers (bin, raw,...), not strings.
This commit is contained in:
Philippe Teuwen 2024-07-30 22:23:04 +02:00
commit 153064ddfa
16 changed files with 31 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

4
doc/cliparser.md
View file

@ -256,8 +256,8 @@ CLIGetHexWithReturn(\<context\>, \<opt index\>, \<store variable\>, \<ptr to sto
CLIGetStrWithReturn(\<context\>,\<opt index\>, \<uint8_t \*\>, \<int \*\>);
If failed to retrieve string, it will exit fct
uint8_t buffer[100];
int slen = sizeof(buffer); // <- slen MUST be the maximum number of characters that you want returned. e.g. Buffer Size
uint8_t buffer[100] = {0};
int slen = sizeof(buffer) - 1; // <- slen MUST be the maximum number of characters that you want returned. e.g. Buffer Size - 1 if you need it to be null-terminated!
CLIGetStrWithReturn(ctx, 1, buffer, &slen);
**string option**