From 2f432788cfe6f0ebc39a6dd6442320286d2f0108 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 20 Jun 2021 07:49:41 +0200 Subject: [PATCH] fix out-of-bounds access --- client/src/cmdhfmfdes.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index e2e315727..bec41af0b 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -2445,7 +2445,7 @@ static int CmdHF14ADesGetUID(const char *Cmd) { uint8_t uidlen = 16; // Get datalen + by removing padding. - while ((uidlen > 0) && (uid[uidlen] == 0x00)) + while ((uidlen > 0) && (uid[uidlen - 1] == 0x00)) uidlen--; if (tag->authentication_scheme == AS_LEGACY) @@ -2455,10 +2455,9 @@ static int CmdHF14ADesGetUID(const char *Cmd) { if (uidlen <= 4) // < incase we trimmed a CRC 00 or more uidlen = 4; - else + else uidlen = 7; -// PrintAndLogEx(SUCCESS, " UID: " _GREEN_("%s"), sprint_hex(uid, sizeof(uid))); PrintAndLogEx(SUCCESS, " UID: " _GREEN_("%s"), sprint_hex(uid, uidlen)); return res; }