From 3b0f6d37ac18052c283eb343302f4bd44b93a360 Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Sat, 5 Feb 2022 13:40:10 +0200
Subject: [PATCH 1/3] CID 373714
---
 client/src/cipurse/cipursecore.c | 1 -
 1 file changed, 1 deletion(-)
diff --git a/client/src/cipurse/cipursecore.c b/client/src/cipurse/cipursecore.c
index d1b514ee7..855e1e56d 100644
--- a/client/src/cipurse/cipursecore.c
+++ b/client/src/cipurse/cipursecore.c
@@ -455,7 +455,6 @@ const char *CIPURSEGetSMR(uint8_t smr) {
 default:
 return "unknown";
 }
- return "unknown";
 }
 void CIPURSEPrintSMR(uint8_t *smrrec) {
From 2b0d75db9fb4ca706185462b4b7f0e3b3b65841f Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Sat, 5 Feb 2022 13:42:38 +0200
Subject: [PATCH 2/3] CID 373712
---
 client/src/cmdhfcipurse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/src/cmdhfcipurse.c b/client/src/cmdhfcipurse.c
index 1e4a89c31..f419e730d 100644
--- a/client/src/cmdhfcipurse.c
+++ b/client/src/cmdhfcipurse.c
@@ -961,7 +961,7 @@ static int CmdHFCipurseWriteFileAttr(const char *Cmd) {
 SetAPDULogging(APDULogging);
 if (verbose) {
- PrintAndLogEx(INFO, "attribtes data[%zu]: %s", hdatalen, sprint_hex(hdata, hdatalen));
+ PrintAndLogEx(INFO, "attribtes data[%d]: %s", hdatalen, sprint_hex(hdata, hdatalen));
 CIPURSEPrintFileUpdateAttr(hdata, hdatalen);
 }
From bec606b2648352959aaa1926a0a22a01141d9d76 Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Sat, 5 Feb 2022 13:51:36 +0200
Subject: [PATCH 3/3] fix `Read from pointer after free`
---
 client/src/cmdhfcipurse.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/client/src/cmdhfcipurse.c b/client/src/cmdhfcipurse.c
index f419e730d..44475bf55 100644
--- a/client/src/cmdhfcipurse.c
+++ b/client/src/cmdhfcipurse.c
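Review bot: The message on the new line still misspells its own subject, `"attribtes data[%d]: %s"`; while the format specifier is being touched, the line should become `PrintAndLogEx(INFO, "attributes data[%d]: %s", hdatalen, sprint_hex(hdata, hdatalen));`. The switch from `%zu` to `%d` is correct only if hdatalen is declared `int`; its declaration is outside the hunk, so that should be confirmed against the declaration rather than taken from the Coverity CID alone, since a mismatched specifier is undefined behaviour in either direction. CmdHFCipurseWriteFileAttr begins before the hunk.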
@@ -210,7 +210,9 @@ static int CLIParseCommandParametersEx(CLIParserContext *ctx, size_t keyid, size
 *useaid = false;
 if (aidid && aid && aidlen) {
 hdatalen = sizeof(hdata);
- CLIGetHexWithReturn(ctx, aidid, hdata, &hdatalen);
+ if (CLIParamHexToBuf(arg_get_str(ctx, aidid), hdata, hdatalen, &hdatalen))
+ return PM3_ESOFT;
+
 if (hdatalen && (hdatalen < 1 || hdatalen > 16)) {
 PrintAndLogEx(ERR, _RED_("ERROR:") " application id length must be 1-16 bytes only");
 return PM3_EINVARG;
@@ -232,7 +234,9 @@ static int CLIParseCommandParametersEx(CLIParserContext *ctx, size_t keyid, size
 *usefid = false;
 if (fidid && fid) {
 hdatalen = sizeof(hdata);
- CLIGetHexWithReturn(ctx, fidid, hdata, &hdatalen);
+ if (CLIParamHexToBuf(arg_get_str(ctx, fidid), hdata, hdatalen, &hdatalen))
+ return PM3_ESOFT;
+
 if (hdatalen && hdatalen != 2) {
 PrintAndLogEx(ERR, _RED_("ERROR:") " file id length must be 2 bytes only");
 return PM3_EINVARG;
@@ -250,7 +254,8 @@ static int CLIParseCommandParametersEx(CLIParserContext *ctx, size_t keyid, size
 *usechfid = false;
 if (chfidid && chfid) {
 hdatalen = sizeof(hdata);
- CLIGetHexWithReturn(ctx, chfidid, hdata, &hdatalen);
+ if (CLIParamHexToBuf(arg_get_str(ctx, chfidid), hdata, hdatalen, &hdatalen))
+ return PM3_ESOFT;
 if (hdatalen && hdatalen != 2) {
 PrintAndLogEx(ERR, _RED_("ERROR:") " child file id length must be 2 bytes only");
 return PM3_EINVARG;
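Review bot: The new early returns at `return PM3_ESOFT;` deliberately leave ctx alive for the caller, which is presumably the point of the fix (the replaced CLIGetHexWithReturn call appears to have freed the parser context before returning, leaving the caller reading a freed pointer), but nothing in the code records that contract, so a later edit can reintroduce the macro unnoticed. A one-line comment above the first new `if`, such as `// ctx is owned by the caller; never free it on an error path in this function`, would pin the ownership rule down where the next maintainer will read it. The same two-line replacement is repeated at the -232 and -250 hunks; a small static helper taking ctx, the argument id, hdata and &hdatalen would keep the three call sites from drifting apart. CLIParseCommandParametersEx starts before the hunk and ends after it.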