From 4eb11f470de576c6ce9694e6f8013b600f8a99a5 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 6 Oct 2020 17:14:10 +0200 Subject: [PATCH] reveng mem leaks --- client/deps/reveng/cli.c | 42 ++++++++++++++++++++++++++++++---------- client/src/cmdcrc.c | 27 ++++++++++++++++++-------- 2 files changed, 51 insertions(+), 18 deletions(-) diff --git a/client/deps/reveng/cli.c b/client/deps/reveng/cli.c index 88e8d3722..b0c72421b 100644 --- a/client/deps/reveng/cli.c +++ b/client/deps/reveng/cli.c @@ -167,8 +167,9 @@ int reveng_main(int argc, char *argv[]) { pkchop(&model.spoly); width = plen(model.spoly); rflags |= R_HAVEP; - if (c == 'P') + if (c == 'P') { prcp(&model.spoly); + } mnovel(&model); break; case 'l': /* l little-endian input and output */ @@ -332,6 +333,7 @@ ipqx: mbynum(&model, --args); ufound(&model); } while (args); + mfree(&model); break; case 'd': /* d dump CRC model */ /* maybe we don't want to do this: @@ -387,6 +389,10 @@ ipqx: apolys = calloc(args * sizeof(poly_t), sizeof(char)); if (!apolys) { uerror("cannot allocate memory for argument list"); + pfree(&model.spoly); + pfree(&model.init); + pfree(&model.xorout); + mfree(&model); return 0; } @@ -421,16 +427,20 @@ ipqx: continue; if (rflags & R_HAVEX && psncmp(&model.xorout, &pset.xorout)) continue; + apoly = pclone(pset.xorout); - if (pset.flags & P_REFOUT) + if (pset.flags & P_REFOUT) { prev(&apoly); + } + for (qptr = apolys; qptr < pptr; ++qptr) { crc = pcrc(*qptr, pset.spoly, pset.init, apoly, 0); if (ptst(crc)) { pfree(&crc); break; - } else + } else { pfree(&crc); + } } pfree(&apoly); if (qptr == pptr) { 
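Review bot: In the `apolys` allocation-failure branch (hunk `@@ -387`), the three calls `pfree(&model.spoly); pfree(&model.init); pfree(&model.xorout);` are immediately followed by `mfree(&model);`. The definition of `mfree` is not in this diff, but if it already releases those same three polynomials, each one is freed twice and the branch is only safe as long as `pfree` resets the poly after freeing it. Keeping only `mfree(&model);` would match the other exits this commit adds. Separately, the context line `calloc(args * sizeof(poly_t), sizeof(char))` does the multiplication itself, so calloc's built-in overflow check never sees it; `apolys = calloc(args, sizeof(poly_t));` hands that check to the allocator.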
@@ -444,14 +454,19 @@ ipqx: /* toggle refIn/refOut and reflect arguments */ if (~rflags & R_HAVERI) { model.flags ^= P_REFIN | P_REFOUT; - for (qptr = apolys; qptr < pptr; ++qptr) + for (qptr = apolys; qptr < pptr; ++qptr) { prevch(qptr, ibperhx); + } } } while (~rflags & R_HAVERI && ++pass < 2); } + if (uflags & C_RESULT) { - for (qptr = apolys; qptr < pptr; ++qptr) + for (qptr = apolys; qptr < pptr; ++qptr) { pfree(qptr); + } + free(apolys); + mfree(&model); return 1; //exit(EXIT_SUCCESS); } @@ -467,8 +482,10 @@ ipqx: pass = 0; do { mptr = candmods = reveng(&model, qpoly, rflags, args, apolys); - if (mptr && plen(mptr->spoly)) + if (mptr && plen(mptr->spoly)) { uflags |= C_RESULT; + } + while (mptr && plen(mptr->spoly)) { /* results were printed by the callback * string = mtostr(mptr); @@ -478,26 +495,31 @@ ipqx: mfree(mptr++); } free(candmods); + if (~rflags & R_HAVERI) { model.flags ^= P_REFIN | P_REFOUT; - for (qptr = apolys; qptr < pptr; ++qptr) + for (qptr = apolys; qptr < pptr; ++qptr) { prevch(qptr, ibperhx); + } } } while (~rflags & R_HAVERI && ++pass < 2); - for (qptr = apolys; qptr < pptr; ++qptr) + + for (qptr = apolys; qptr < pptr; ++qptr) { pfree(qptr); + } + free(apolys); + if (~uflags & C_RESULT) uerror("no models found"); + break; default: /* no mode specified */ fprintf(stderr, "%s: no mode switch specified. Use %s -h for help.\n", myname, myname); return 0; - //exit(EXIT_FAILURE); } return 1; - //exit(EXIT_SUCCESS); } void diff --git a/client/src/cmdcrc.c b/client/src/cmdcrc.c index 472a361fe..964f19247 100644 --- a/client/src/cmdcrc.c +++ b/client/src/cmdcrc.c @@ -254,7 +254,6 @@ int RunModel(char *inModel, char *inHexStr, bool reverse, char endian, char *res int ibperhx = 8, obperhx = 8; // int rflags = 0; // search flags - int c; poly_t apoly, crc; char *string; 
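Review bot: The search path in hunk `@@ -478` frees every `apolys` entry and the array, then reaches `break` and the final `return 1` without the `mfree(&model)` that the `C_RESULT` early return in hunk `@@ -444` now performs. The `default:` branch's `return 0` has the same gap. Unless `model` is released somewhere outside these hunks, its polynomials stay allocated on both exits, which matters now that `reveng_main` returns to a long-running caller instead of exiting (the removed `//exit(...)` comments suggest it used to end the process). Adding `mfree(&model);` after the final `free(apolys);` and before the `return 0;` in `default:` would close it.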
@@ -266,7 +265,7 @@ int RunModel(char *inModel, char *inHexStr, bool reverse, char endian, char *res SETBMP(); //set model - c = mbynam(&model, inModel); + int c = mbynam(&model, inModel); if (!c) { PrintAndLogEx(ERR, "error: preset model '%s' not found. Use reveng -D to list presets. [%d]", inModel, c); return 0; @@ -406,7 +405,7 @@ static int CmdrevengSearch(const char *Cmd) { #define NMODELS 106 - char inHexStr[100] = {0x00}; + char inHexStr[256] = {0x00}; int dataLen = param_getstr(Cmd, 0, inHexStr, sizeof(inHexStr)); if (dataLen < 4) return 0; @@ -419,7 +418,12 @@ static int CmdrevengSearch(const char *Cmd) { char revResult[30]; int ans = GetModels(Models, &count, width); bool found = false; - if (!ans) return 0; + if (!ans) { + for (int i = 0; i < count; i++) { + free(Models[i]); + } + return 0; + } // try each model and get result for (int i = 0; i < count; i++) { @@ -430,8 +434,10 @@ static int CmdrevengSearch(const char *Cmd) { // round up to # of characters in this model's crc uint8_t crcChars = ((width[i] + 7) / 8) * 2; // can't test a model that has more crc digits than our data - if (crcChars >= dataLen) + if (crcChars >= dataLen) { + free(Models[i]); continue; + } PrintAndLogEx(DEBUG , "DEBUG: dataLen %d, crcChars %u, width[i] %u" @@ -440,8 +446,10 @@ static int CmdrevengSearch(const char *Cmd) { , width[i] ); - if (crcChars == 0) + if (crcChars == 0) { + free(Models[i]); continue; + } memset(result, 0, 30); char *inCRC = calloc(crcChars + 1, sizeof(char)); @@ -493,8 +501,10 @@ static int CmdrevengSearch(const char *Cmd) { free(Models[i]); } - if (!found) PrintAndLogEx(FAILED, "\nno matches found\n"); - return 1; + if (found == false) + PrintAndLogEx(FAILED, "\nno matches found\n"); + + return PM3_SUCCESS; } int CmdCrc(const char *Cmd) { @@ -510,6 +520,7 @@ int CmdCrc(const char *Cmd) { } else { reveng_main(argc, argv); } + for (int i = 0; i < argc; ++i) { free(argv[i]); }
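Review bot: The new failure branch after `GetModels` (hunk `@@ -419`) frees `Models[0..count-1]`, which is only safe if `count` is initialised before the call and `GetModels` keeps it equal to the number of entries it actually allocated when it returns 0. The declarations of `count` and `Models` are outside this hunk; if `count` can be indeterminate, or `GetModels` already releases its partial results on error, this loop frees uninitialised or already-freed pointers. I would confirm `count` starts at 0 and state the contract at the call site, e.g. `// GetModels leaves count == number of allocated Models[] entries, also on failure`.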
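Review bot: `Models[i]` is now released in three separate places in the loop body: the two `continue` branches added in hunks `@@ -430` and `@@ -440`, and the existing `free(Models[i]);` at the bottom of the loop, so every exit added later has to remember the free. An early `return` between those points would also leave `Models[i..count-1]` allocated; the handling of a failed `calloc` for `inCRC` is outside the hunk and worth checking for exactly that. Merging the two skips into one test before the debug print, `if (crcChars == 0 || crcChars >= dataLen) { free(Models[i]); continue; }`, keeps the release in one spot, at the cost of dropping the DEBUG line for zero-width models.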
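Review bot: The success path of `CmdrevengSearch` now ends with `return PM3_SUCCESS;` (hunk `@@ -493`), but the earlier exits visible in this diff, `if (dataLen < 4) return 0;` and the `GetModels` failure branch, still `return 0`. If `PM3_SUCCESS` is 0 (its definition is not in this diff), the caller can no longer tell a rejected input or allocation failure from a completed search, whereas before this change success was 1 and failure 0. The error exits should return a distinct error code from the project's own list. The new `if (found == false)` is also left unbraced while the rest of the commit adds braces; `if (!found) { ... }` would be consistent.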