From 52f432a967b13d7409428ca8bbecbb28b56ad944 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 8 Apr 2023 09:03:32 +0200 Subject: [PATCH] fix memory alloc in hf mf rdsc, when sector was larger than 32 --- client/src/cmdhfmf.c | 3 ++- client/src/cmdhfmfp.c | 6 +++--- client/src/mifare/mifare4.c | 10 +++++----- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index adcb39d13..96c5f9fbc 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -927,7 +927,8 @@ static int CmdHF14AMfRdSc(const char *Cmd) { return PM3_EINVARG; } uint8_t sector = (uint8_t)s; - uint8_t sc_size = mfNumBlocksPerSector(sector) * MFBLOCK_SIZE; + uint16_t sc_size = mfNumBlocksPerSector(sector) * MFBLOCK_SIZE; + uint8_t *data = calloc(sc_size, sizeof(uint8_t)); if (data == NULL) { PrintAndLogEx(ERR, "failed to allocate memory"); diff --git a/client/src/cmdhfmfp.c b/client/src/cmdhfmfp.c index aa7480953..7c729cdc0 100644 --- a/client/src/cmdhfmfp.c +++ b/client/src/cmdhfmfp.c @@ -738,7 +738,7 @@ static int CmdHFMFPRdbl(const char *Cmd) { keyn[0] = uKeyNum >> 8; keyn[1] = uKeyNum & 0xff; if (verbose) - PrintAndLogEx(INFO, "--block:%d sector[%d]:%02x key:%04x", blockn, mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); + PrintAndLogEx(INFO, "--block:%d sector[%u]:%02x key:%04x", blockn, mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); mf4Session_t mf4session; int res = MifareAuth4(&mf4session, keyn, key, true, true, true, verbose, false); @@ -837,7 +837,7 @@ static int CmdHFMFPRdsc(const char *Cmd) { keyn[0] = uKeyNum >> 8; keyn[1] = uKeyNum & 0xff; if (verbose) - PrintAndLogEx(INFO, "--sector[%d]:%02x key:%04x", mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); + PrintAndLogEx(INFO, "--sector[%u]:%02x key:%04x", mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); mf4Session_t mf4session; int res = MifareAuth4(&mf4session, keyn, key, true, true, true, verbose, false); @@ -945,7 +945,7 @@ static int CmdHFMFPWrbl(const char *Cmd) { keyn[0] = uKeyNum >> 8; keyn[1] = uKeyNum & 0xff; if (verbose) - PrintAndLogEx(INFO, "--block:%d sector[%d]:%02x key:%04x", blockNum & 0xff, mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); + PrintAndLogEx(INFO, "--block:%d sector[%u]:%02x key:%04x", blockNum & 0xff, mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); mf4Session_t mf4session; int res = MifareAuth4(&mf4session, keyn, key, true, true, true, verbose, false); diff --git a/client/src/mifare/mifare4.c b/client/src/mifare/mifare4.c index 1ac6b6fed..058390659 100644 --- a/client/src/mifare/mifare4.c +++ b/client/src/mifare/mifare4.c @@ -407,12 +407,12 @@ int mfpReadSector(uint8_t sectorNo, uint8_t keyType, uint8_t *key, uint8_t *data keyn[0] = uKeyNum >> 8; keyn[1] = uKeyNum & 0xff; if (verbose) - PrintAndLogEx(INFO, "--sector[%d]:%02x key:%04x", mfNumBlocksPerSector(sectorNo), sectorNo, uKeyNum); + PrintAndLogEx(INFO, "--sector[%u]:%02x key:%04x", mfNumBlocksPerSector(sectorNo), sectorNo, uKeyNum); mf4Session_t _session; int res = MifareAuth4(&_session, keyn, key, true, true, true, verbose, false); if (res) { - PrintAndLogEx(ERR, "Sector %d authentication error: %d", sectorNo, res); + PrintAndLogEx(ERR, "Sector %u authentication error: %d", sectorNo, res); return res; } @@ -423,18 +423,18 @@ int mfpReadSector(uint8_t sectorNo, uint8_t keyType, uint8_t *key, uint8_t *data for (int n = firstBlockNo; n < firstBlockNo + mfNumBlocksPerSector(sectorNo); n++) { res = MFPReadBlock(&_session, plain, n & 0xff, 1, false, true, data, sizeof(data), &datalen, mac); if (res) { - PrintAndLogEx(ERR, "Sector %d read error: %d", sectorNo, res); + PrintAndLogEx(ERR, "Sector %u read error: %d", sectorNo, res); DropField(); return res; } if (datalen && data[0] != 0x90) { - PrintAndLogEx(ERR, "Sector %d card read error: %02x %s", sectorNo, data[0], mfpGetErrorDescription(data[0])); + PrintAndLogEx(ERR, "Sector %u card read error: %02x %s", sectorNo, data[0], mfpGetErrorDescription(data[0])); DropField(); return 5; } if (datalen != 1 + 16 + 8 + 2) { - PrintAndLogEx(ERR, "Sector %d error returned data length:%d", sectorNo, datalen); + PrintAndLogEx(ERR, "Sector %u error returned data length:%d", sectorNo, datalen); DropField(); return 6; }