diff --git a/CHANGELOG.md b/CHANGELOG.md index a16eb2122..7cc3295fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Change use of `sprintf` in code to `snprintf` to fix compilation on macOS (@Doridian) - Change `hf mf mad` - it now takes a dump file for offline MAD decoding (@iceman1001) - Fixed Standalone mode hf_iceclass - wrong fpga image set (@iceman1001) - Fixed `hf iclass sim` - wrong fpga image set (@iceman1001) Thanks to NVX! diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index c837a3380..b86335c66 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -552,6 +552,8 @@ if (NOT SKIPPYTHON EQUAL 1) endif (NOT SKIPPYTHON EQUAL 1) message(STATUS "===================================================================") +add_definitions(-DHAVE_SNPRINTF) + add_executable(proxmark3 ${PM3_ROOT}/client/src/proxmark3.c ${TARGET_SOURCES} diff --git a/client/Makefile b/client/Makefile index 2178f6686..e2dd1a224 100644 --- a/client/Makefile +++ b/client/Makefile @@ -402,6 +402,8 @@ ifeq ($(SWIG_PYTHON_FOUND),1) PM3CFLAGS += -DHAVE_PYTHON_SWIG endif +PM3CFLAGS += -DHAVE_SNPRINTF + CXXFLAGS ?= -Wall -Werror -O3 PM3CXXFLAGS = $(CXXFLAGS) PM3CXXFLAGS += -I../include -I./include @@ -415,6 +417,8 @@ ifeq ($(QT_FOUND),1) endif endif +PM3CXXFLAGS += -DHAVE_SNPRINTF + LDFLAGS ?= $(DEFLDFLAGS) PM3LDFLAGS = $(LDFLAGS) ifeq ($(platform),Darwin) diff --git a/client/deps/hardnested/hardnested_bruteforce.c b/client/deps/hardnested/hardnested_bruteforce.c index 11715609f..b5b36595c 100644 --- a/client/deps/hardnested/hardnested_bruteforce.c +++ b/client/deps/hardnested/hardnested_bruteforce.c @@ -173,8 +173,8 @@ crack_states_thread(void *x) { char progress_text[80]; char keystr[19]; - sprintf(keystr, "%012" PRIX64 " ", key); - sprintf(progress_text, "Brute force phase completed. Key found: " _GREEN_("%s"), keystr); + snprintf(keystr, sizeof(keystr), "%012" PRIX64 " ", key); + snprintf(progress_text, sizeof(progress_text), "Brute force phase completed. Key found: " _GREEN_("%s"), keystr); hardnested_print_progress(thread_arg->num_acquired_nonces, progress_text, 0.0, 0); break; } else if (keys_found) { @@ -182,7 +182,7 @@ crack_states_thread(void *x) { } else { if (!thread_arg->silent) { char progress_text[80]; - sprintf(progress_text, "Brute force phase: %6.02f%%\t", 100.0 * (float)num_keys_tested / (float)(thread_arg->maximum_states)); + snprintf(progress_text, sizeof(progress_text), "Brute force phase: %6.02f%%\t", 100.0 * (float)num_keys_tested / (float)(thread_arg->maximum_states)); float remaining_bruteforce = thread_arg->nonces[thread_arg->best_first_bytes[0]].expected_num_brute_force - (float)num_keys_tested / 2; hardnested_print_progress(thread_arg->num_acquired_nonces, progress_text, remaining_bruteforce, 5000); } diff --git a/client/deps/hardnested/hardnested_tables.c b/client/deps/hardnested/hardnested_tables.c index b124345d0..ce2f42cff 100644 --- a/client/deps/hardnested/hardnested_tables.c +++ b/client/deps/hardnested/hardnested_tables.c @@ -200,7 +200,7 @@ static inline uint32_t count_states(uint32_t *bitset) { static void write_bitflips_file(odd_even_t odd_even, uint16_t bitflip, int sum_a0, uint32_t *bitset, uint32_t count) { char filename[80]; - sprintf(filename, "bitflip_%d_%03" PRIx16 "_sum%d_states.bin", odd_even, bitflip, sum_a0); + snprintf(filename, sizeof(filename), "bitflip_%d_%03" PRIx16 "_sum%d_states.bin", odd_even, bitflip, sum_a0); FILE *outfile = fopen(filename, "wb"); fwrite(&count, 1, sizeof(count), outfile); fwrite(bitset, 1, sizeof(uint32_t) * (1 << 19), outfile); diff --git a/client/deps/liblua/lobject.c b/client/deps/liblua/lobject.c index 79ac0b5e6..d46790cf7 100644 --- a/client/deps/liblua/lobject.c +++ b/client/deps/liblua/lobject.c @@ -215,7 +215,7 @@ const char *luaO_pushvfstring(lua_State *L, const char *fmt, va_list argp) { } case 'p': { char buff[4 * sizeof(void *) + 8]; /* should be enough space for a `%p' */ - int l = sprintf(buff, "%p", va_arg(argp, void *)); + int l = snprintf(buff, sizeof(buff), "%p", va_arg(argp, void *)); pushstr(L, buff, l); break; } diff --git a/client/deps/liblua/lstrlib.c b/client/deps/liblua/lstrlib.c index 57b4ebc4b..ed6f1b7b7 100644 --- a/client/deps/liblua/lstrlib.c +++ b/client/deps/liblua/lstrlib.c @@ -879,9 +879,9 @@ static void addquoted(lua_State *L, luaL_Buffer *b, int arg) { } else if (*s == '\0' || iscntrl(uchar(*s))) { char buff[10]; if (!isdigit(uchar(*(s + 1)))) - sprintf(buff, "\\%d", (int)uchar(*s)); + snprintf(buff, sizeof(buff), "\\%d", (int)uchar(*s)); else - sprintf(buff, "\\%03d", (int)uchar(*s)); + snprintf(buff, sizeof(buff), "\\%03d", (int)uchar(*s)); luaL_addstring(b, buff); } else luaL_addchar(b, *s); @@ -947,7 +947,7 @@ static int str_format(lua_State *L) { strfrmt = scanformat(L, strfrmt, form); switch (*strfrmt++) { case 'c': { - nb = sprintf(buff, form, luaL_checkint(L, arg)); + nb = snprintf(buff, MAX_ITEM, form, luaL_checkint(L, arg)); break; } case 'd': @@ -958,7 +958,7 @@ static int str_format(lua_State *L) { luaL_argcheck(L, -1 < diff && diff < 1, arg, "not a number in proper range"); addlenmod(form, LUA_INTFRMLEN); - nb = sprintf(buff, form, ni); + nb = snprintf(buff, MAX_ITEM, form, ni); break; } case 'o': @@ -971,7 +971,7 @@ static int str_format(lua_State *L) { luaL_argcheck(L, -1 < diff && diff < 1, arg, "not a non-negative number in proper range"); addlenmod(form, LUA_INTFRMLEN); - nb = sprintf(buff, form, ni); + nb = snprintf(buff, MAX_ITEM, form, ni); break; } case 'e': @@ -984,7 +984,7 @@ static int str_format(lua_State *L) { case 'g': case 'G': { addlenmod(form, LUA_FLTFRMLEN); - nb = sprintf(buff, form, (LUA_FLTFRM_T)luaL_checknumber(L, arg)); + nb = snprintf(buff, MAX_ITEM, form, (LUA_FLTFRM_T)luaL_checknumber(L, arg)); break; } case 'q': { @@ -1000,7 +1000,7 @@ static int str_format(lua_State *L) { luaL_addvalue(&b); break; } else { - nb = sprintf(buff, form, s); + nb = snprintf(buff, MAX_ITEM, form, s); lua_pop(L, 1); /* remove result from 'luaL_tolstring' */ break; } diff --git a/client/deps/liblua/luaconf.h b/client/deps/liblua/luaconf.h index d1c8364ee..77445383f 100644 --- a/client/deps/liblua/luaconf.h +++ b/client/deps/liblua/luaconf.h @@ -408,7 +408,7 @@ */ #define LUA_NUMBER_SCAN "%lf" #define LUA_NUMBER_FMT "%.14g" -#define lua_number2str(s,n) sprintf((s), LUA_NUMBER_FMT, (n)) +#define lua_number2str(s,l,n) snprintf((s), (l), LUA_NUMBER_FMT, (n)) #define LUAI_MAXNUMBER2STR 32 /* 16 digits, sign, point, and \0 */ diff --git a/client/deps/liblua/lvm.c b/client/deps/liblua/lvm.c index 14a03573c..0f295138b 100644 --- a/client/deps/liblua/lvm.c +++ b/client/deps/liblua/lvm.c @@ -49,7 +49,7 @@ int luaV_tostring(lua_State *L, StkId obj) { else { char s[LUAI_MAXNUMBER2STR]; lua_Number n = nvalue(obj); - int l = lua_number2str(s, n); + int l = lua_number2str(s, sizeof(s), n); setsvalue2s(L, obj, luaS_newlstr(L, s, l)); return 1; } diff --git a/client/deps/reveng/model.c b/client/deps/reveng/model.c index 297f638db..a4dc0358e 100644 --- a/client/deps/reveng/model.c +++ b/client/deps/reveng/model.c @@ -107,7 +107,7 @@ char *mtostr(const model_t *model) { checkstr = ptostr(model->check, P_RTJUST, 4); magicstr = ptostr(model->magic, P_RTJUST, 4); - sprintf(strbuf, "%lu", plen(model->spoly)); + snprintf(strbuf, sizeof(strbuf), "%lu", plen(model->spoly)); size = 82 + strlen(strbuf) @@ -120,26 +120,26 @@ char *mtostr(const model_t *model) { + (magicstr && *magicstr ? strlen(magicstr) : 6) + (model->name && *model->name ? 2 + strlen(model->name) : 6); if ((string = calloc(size, sizeof(uint8_t)))) { - sprintf(strbuf, "\"%s\"", model->name); - sprintf(string, - "width=%lu " - "poly=0x%s " - "init=0x%s " - "refin=%s " - "refout=%s " - "xorout=0x%s " - "check=0x%s " - "residue=0x%s " - "name=%s", - plen(model->spoly), - polystr && *polystr ? polystr : "(none)", - initstr && *initstr ? initstr : "(none)", - (model->flags & P_REFIN) ? "true" : "false", - (model->flags & P_REFOUT) ? "true" : "false", - xorotstr && *xorotstr ? xorotstr : "(none)", - checkstr && *checkstr ? checkstr : "(none)", - magicstr && *magicstr ? magicstr : "(none)", - (model->name && *model->name) ? strbuf : "(none)"); + snprintf(strbuf, sizeof(strbuf), "\"%s\"", model->name); + snprintf(string, size * sizeof(uint8_t), + "width=%lu " + "poly=0x%s " + "init=0x%s " + "refin=%s " + "refout=%s " + "xorout=0x%s " + "check=0x%s " + "residue=0x%s " + "name=%s", + plen(model->spoly), + polystr && *polystr ? polystr : "(none)", + initstr && *initstr ? initstr : "(none)", + (model->flags & P_REFIN) ? "true" : "false", + (model->flags & P_REFOUT) ? "true" : "false", + xorotstr && *xorotstr ? xorotstr : "(none)", + checkstr && *checkstr ? checkstr : "(none)", + magicstr && *magicstr ? magicstr : "(none)", + (model->name && *model->name) ? strbuf : "(none)"); } free(polystr); free(initstr); diff --git a/client/src/cmddata.c b/client/src/cmddata.c index b4fc71744..ad7879650 100644 --- a/client/src/cmddata.c +++ b/client/src/cmddata.c @@ -1967,11 +1967,11 @@ int CmdTuneSamples(const char *Cmd) { memset(judgement, 0, sizeof(judgement)); // LF evaluation if (package->peak_v < LF_UNUSABLE_V) - sprintf(judgement, _RED_("UNUSABLE")); + snprintf(judgement, sizeof(judgement), _RED_("UNUSABLE")); else if (package->peak_v < LF_MARGINAL_V) - sprintf(judgement, _YELLOW_("MARGINAL")); + snprintf(judgement, sizeof(judgement), _YELLOW_("MARGINAL")); else - sprintf(judgement, _GREEN_("OK")); + snprintf(judgement, sizeof(judgement), _GREEN_("OK")); PrintAndLogEx((package->peak_v < LF_UNUSABLE_V) ? WARNING : SUCCESS, "LF antenna is %s", judgement); @@ -1988,11 +1988,11 @@ int CmdTuneSamples(const char *Cmd) { PrintAndLogEx(SUCCESS, "Approx. Q factor (*): %.1lf by peak voltage measurement", hfq); } if (package->v_hf < HF_UNUSABLE_V) - sprintf(judgement, _RED_("UNUSABLE")); + snprintf(judgement, sizeof(judgement), _RED_("UNUSABLE")); else if (package->v_hf < HF_MARGINAL_V) - sprintf(judgement, _YELLOW_("MARGINAL")); + snprintf(judgement, sizeof(judgement), _YELLOW_("MARGINAL")); else - sprintf(judgement, _GREEN_("OK")); + snprintf(judgement, sizeof(judgement), _GREEN_("OK")); PrintAndLogEx((package->v_hf < HF_UNUSABLE_V) ? WARNING : SUCCESS, "HF antenna is %s", judgement); PrintAndLogEx(NORMAL, "\n(*) Q factor must be measured without tag on the antenna"); @@ -3094,23 +3094,28 @@ static int CmdDiff(const char *Cmd) { char ca = inA[j]; char cb = inB[j]; + int dlnALen = strlen(dlnA); + int dlnBLen = strlen(dlnB); + int dlnAiiLen = strlen(dlnAii); + int dlnBiiLen = strlen(dlnBii); + if (inA[j] != inB[j]) { // diff / add colors - sprintf(dlnA + strlen(dlnA), _GREEN_("%02X "), inA[j]); - sprintf(dlnB + strlen(dlnB), _RED_("%02X "), inB[j]); - sprintf(dlnAii + strlen(dlnAii), _GREEN_("%c"), ((ca < 32) || (ca == 127)) ? '.' : ca); - sprintf(dlnBii + strlen(dlnBii), _RED_("%c"), ((cb < 32) || (cb == 127)) ? '.' : cb); + snprintf(dlnA + dlnALen, sizeof(dlnA) - dlnALen, _GREEN_("%02X "), inA[j]); + snprintf(dlnB + dlnBLen, sizeof(dlnB) - dlnBLen, _RED_("%02X "), inB[j]); + snprintf(dlnAii + dlnAiiLen, sizeof(dlnAii) - dlnAiiLen, _GREEN_("%c"), ((ca < 32) || (ca == 127)) ? '.' : ca); + snprintf(dlnBii + dlnBiiLen, sizeof(dlnBii) - dlnBiiLen, _RED_("%c"), ((cb < 32) || (cb == 127)) ? '.' : cb); } else { // normal - sprintf(dlnA + strlen(dlnA), "%02X ", inA[j]); - sprintf(dlnB + strlen(dlnB), "%02X ", inB[j]); - sprintf(dlnAii + strlen(dlnAii), "%c", ((ca < 32) || (ca == 127)) ? '.' : ca); - sprintf(dlnBii + strlen(dlnBii), "%c", ((cb < 32) || (cb == 127)) ? '.' : cb); + snprintf(dlnA + dlnALen, sizeof(dlnA) - dlnALen, "%02X ", inA[j]); + snprintf(dlnB + dlnBLen, sizeof(dlnB) - dlnBLen, "%02X ", inB[j]); + snprintf(dlnAii + dlnAiiLen, sizeof(dlnAii) - dlnAiiLen, "%c", ((ca < 32) || (ca == 127)) ? '.' : ca); + snprintf(dlnBii + dlnBiiLen, sizeof(dlnBii) - dlnBiiLen, "%c", ((cb < 32) || (cb == 127)) ? '.' : cb); } } - sprintf(line, "%s%s | %s%s", dlnA, dlnAii, dlnB, dlnBii); + snprintf(line, sizeof(line), "%s%s | %s%s", dlnA, dlnAii, dlnB, dlnBii); } PrintAndLogEx(INFO, "%03X | %s", i, line); } diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index 0a9f3d22c..0df6ad56f 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -634,7 +634,8 @@ static int CmdHF14ACUIDs(const char *Cmd) { } else { char uid_string[20]; for (uint16_t m = 0; m < card->uidlen; m++) { - sprintf(&uid_string[2 * m], "%02X", card->uid[m]); + int offset = 2 * m; + snprintf(uid_string + offset, sizeof(uid_string) - offset, "%02X", card->uid[m]); } PrintAndLogEx(SUCCESS, "%s", uid_string); } @@ -1377,7 +1378,8 @@ static int waitCmd(bool i_select, uint32_t timeout, bool verbose) { bool crc = check_crc(CRC_14443_A, data, len); char s[16]; - sprintf(s, + snprintf(s, + sizeof(s), (crc) ? _GREEN_("%02X %02X") : _RED_("%02X %02X"), data[len - 2], data[len - 1] diff --git a/client/src/cmdhf14b.c b/client/src/cmdhf14b.c index a096aac54..d981727b4 100644 --- a/client/src/cmdhf14b.c +++ b/client/src/cmdhf14b.c @@ -494,48 +494,31 @@ static int print_atqb_resp(uint8_t *data, uint8_t cid) { } // get SRx chip model (from UID) // from ST Microelectronics -static char *get_st_chip_model(uint8_t data) { - static char model[20]; - char *retStr = model; - memset(model, 0, sizeof(model)); - +static const char *get_st_chip_model(uint8_t data) { switch (data) { case 0x0: - sprintf(retStr, "SRIX4K (Special)"); - break; + return "SRIX4K (Special)"; case 0x2: - sprintf(retStr, "SR176"); - break; + return "SR176"; case 0x3: - sprintf(retStr, "SRIX4K"); - break; + return "SRIX4K"; case 0x4: - sprintf(retStr, "SRIX512"); - break; + return "SRIX512"; case 0x6: - sprintf(retStr, "SRI512"); - break; + return "SRI512"; case 0x7: - sprintf(retStr, "SRI4K"); - break; + return "SRI4K"; case 0xC: - sprintf(retStr, "SRT512"); - break; + return "SRT512"; default : - sprintf(retStr, "Unknown"); - break; + return "Unknown"; } - return retStr; } -static char *get_st_lock_info(uint8_t model, const uint8_t *lockbytes, uint8_t blk) { - - static char str[16]; - char *s = str; - sprintf(s, " "); - +#define ST_LOCK_INFO_EMPTY " " +static const char *get_st_lock_info(uint8_t model, const uint8_t *lockbytes, uint8_t blk) { if (blk > 15) { - return s; + return ST_LOCK_INFO_EMPTY; } uint8_t mask = 0; @@ -571,12 +554,12 @@ static char *get_st_lock_info(uint8_t model, const uint8_t *lockbytes, uint8_t b mask = 0x80; break; default: - return s; + return ST_LOCK_INFO_EMPTY; } if ((lockbytes[1] & mask) == 0) { - sprintf(s, _RED_("1")); + return _RED_("1"); } - return s; + return ST_LOCK_INFO_EMPTY; } case 0x4: // SRIX512 case 0x6: // SRI512 @@ -642,9 +625,9 @@ static char *get_st_lock_info(uint8_t model, const uint8_t *lockbytes, uint8_t b break; } if ((lockbytes[b] & mask) == 0) { - sprintf(s, _RED_("1")); + return _RED_("1"); } - return s; + return ST_LOCK_INFO_EMPTY; } case 0x2: { // SR176 //need data[2] @@ -684,14 +667,14 @@ static char *get_st_lock_info(uint8_t model, const uint8_t *lockbytes, uint8_t b } // iceman: this is opposite! need sample to test with. if ((lockbytes[0] & mask)) { - sprintf(s, _RED_("1")); + return _RED_("1"); } - return s; + return ST_LOCK_INFO_EMPTY; } default: break; } - return s; + return ST_LOCK_INFO_EMPTY; } static uint8_t get_st_chipid(const uint8_t *uid) { @@ -1258,7 +1241,7 @@ static int CmdHF14BWriteSri(const char *Cmd) { char str[36]; memset(str, 0x00, sizeof(str)); - sprintf(str, "--sr -c --data %02x%02x%02x%02x%02x%02x", ISO14443B_WRITE_BLK, blockno, data[0], data[1], data[2], data[3]); + snprintf(str, sizeof(str), "--sr -c --data %02x%02x%02x%02x%02x%02x", ISO14443B_WRITE_BLK, blockno, data[0], data[1], data[2], data[3]); return CmdHF14BCmdRaw(str); } @@ -1439,8 +1422,7 @@ static int CmdHF14BDump(const char *Cmd) { // save to file if (fnlen < 1) { PrintAndLogEx(INFO, "using UID as filename"); - char *fptr = filename; - fptr += sprintf(fptr, "hf-14b-"); + char *fptr = filename + snprintf(filename, sizeof(filename), "hf-14b-"); FillFileNameByUID(fptr, SwapEndian64(card.uid, card.uidlen, 8), "-dump", card.uidlen); } diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c index 5ac00a837..d780056a6 100644 --- a/client/src/cmdhf15.c +++ b/client/src/cmdhf15.c @@ -1406,9 +1406,9 @@ static int CmdHF15Dump(const char *Cmd) { for (int i = 0; i < blocknum; i++) { char lck[16] = {0}; if (mem[i].lock) { - sprintf(lck, _RED_("%d"), mem[i].lock); + snprintf(lck, sizeof(lck), _RED_("%d"), mem[i].lock); } else { - sprintf(lck, "%d", mem[i].lock); + snprintf(lck, sizeof(lck), "%d", mem[i].lock); } PrintAndLogEx(INFO, "%3d/0x%02X | %s | %s | %s" , i @@ -1624,9 +1624,9 @@ static int CmdHF15Readmulti(const char *Cmd) { for (int i = start; i < stop; i += 5) { char lck[16] = {0}; if (data[i]) { - sprintf(lck, _RED_("%d"), data[i]); + snprintf(lck, sizeof(lck), _RED_("%d"), data[i]); } else { - sprintf(lck, "%d", data[i]); + snprintf(lck, sizeof(lck), "%d", data[i]); } PrintAndLogEx(INFO, "%3d/0x%02X | %s | %s | %s", currblock, currblock, sprint_hex(data + i + 1, 4), lck, sprint_ascii(data + i + 1, 4)); currblock++; @@ -1746,9 +1746,9 @@ static int CmdHF15Readblock(const char *Cmd) { // print response char lck[16] = {0}; if (data[1]) { - sprintf(lck, _RED_("%d"), data[1]); + snprintf(lck, sizeof(lck), _RED_("%d"), data[1]); } else { - sprintf(lck, "%d", data[1]); + snprintf(lck, sizeof(lck), "%d", data[1]); } PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, " #%3d |lck| ascii", block); diff --git a/client/src/cmdhfcryptorf.c b/client/src/cmdhfcryptorf.c index db17c75c0..552c25590 100644 --- a/client/src/cmdhfcryptorf.c +++ b/client/src/cmdhfcryptorf.c @@ -410,8 +410,7 @@ static int CmdHFCryptoRFDump(const char *Cmd) { if (fnlen < 1) { PrintAndLogEx(INFO, "Using UID as filename"); - char *fptr = filename; - fptr += sprintf(fptr, "hf-cryptorf-"); + char *fptr = filename + snprintf(filename, sizeof(filename), "hf-cryptorf-"); FillFileNameByUID(fptr, card.uid, "-dump", card.uidlen); } @@ -524,8 +523,7 @@ static int CmdHFCryptoRFESave(const char *Cmd) { // user supplied filename? if (fnlen < 1) { PrintAndLogEx(INFO, "Using UID as filename"); - char *fptr = filename; - fptr += sprintf(fptr, "hf-cryptorf-"); + char *fptr = filename + snprintf(filename, sizeof(filename), "hf-cryptorf-"); FillFileNameByUID(fptr, data, "-dump", 4); } diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c index 99ab68e5a..44c116b16 100644 --- a/client/src/cmdhfemrtd.c +++ b/client/src/cmdhfemrtd.c @@ -887,7 +887,7 @@ static bool emrtd_do_bac(char *documentnumber, char *dob, char *expiry, uint8_t char expirycd = emrtd_calculate_check_digit(expiry); char kmrz[25]; - sprintf(kmrz, "%s%i%s%i%s%i", documentnumber, documentnumbercd, dob, dobcd, expiry, expirycd); + snprintf(kmrz, sizeof(kmrz), "%s%i%s%i%s%i", documentnumber, documentnumbercd, dob, dobcd, expiry, expirycd); PrintAndLogEx(DEBUG, "kmrz.............. " _GREEN_("%s"), kmrz); uint8_t kseed[20] = { 0x00 }; @@ -1281,16 +1281,16 @@ static void emrtd_print_issuance(char *data, bool ascii) { static void emrtd_print_personalization_timestamp(uint8_t *data) { char str_date[0x0F] = { 0x00 }; - strcpy(str_date, sprint_hex_inrow(data, 0x07)); + strncpy(str_date, sprint_hex_inrow(data, 0x07), sizeof(str_date) - 1); char final_date[20] = { 0x00 }; - sprintf(final_date, "%.4s-%.2s-%.2s %.2s:%.2s:%.2s", str_date, str_date + 4, str_date + 6, str_date + 8, str_date + 10, str_date + 12); + snprintf(final_date, sizeof(final_date), "%.4s-%.2s-%.2s %.2s:%.2s:%.2s", str_date, str_date + 4, str_date + 6, str_date + 8, str_date + 10, str_date + 12); PrintAndLogEx(SUCCESS, "Personalization at....: " _YELLOW_("%s"), final_date); } static void emrtd_print_unknown_timestamp_5f85(uint8_t *data) { char final_date[20] = { 0x00 }; - sprintf(final_date, "%.4s-%.2s-%.2s %.2s:%.2s:%.2s", data, data + 4, data + 6, data + 8, data + 10, data + 12); + snprintf(final_date, sizeof(final_date), "%.4s-%.2s-%.2s %.2s:%.2s:%.2s", data, data + 4, data + 6, data + 8, data + 10, data + 12); PrintAndLogEx(SUCCESS, "Unknown timestamp 5F85: " _YELLOW_("%s"), final_date); PrintAndLogEx(HINT, "This is very likely the personalization timestamp, but it is using an undocumented tag."); @@ -1433,11 +1433,12 @@ static int emrtd_print_ef_dg2_info(uint8_t *data, size_t datalen) { bool is_jpg = (data[offset] == 0xFF); - char *fn = calloc(strlen(dg_table[EF_DG2].filename) + 4 + 1, sizeof(uint8_t)); + size_t fn_len = strlen(dg_table[EF_DG2].filename) + 4 + 1; + char *fn = calloc(fn_len, sizeof(uint8_t)); if (fn == NULL) return PM3_EMALLOC; - sprintf(fn, "%s.%s", dg_table[EF_DG2].filename, (is_jpg) ? "jpg" : "jp2"); + snprintf(fn, fn_len * sizeof(uint8_t), "%s.%s", dg_table[EF_DG2].filename, (is_jpg) ? "jpg" : "jp2"); PrintAndLogEx(DEBUG, "image filename `" _YELLOW_("%s") "`", fn); @@ -1492,11 +1493,12 @@ static int emrtd_print_ef_dg5_info(uint8_t *data, size_t datalen) { bool is_jpg = (data[offset] == 0xFF); - char *fn = calloc(strlen(dg_table[EF_DG5].filename) + 4 + 1, sizeof(uint8_t)); + size_t fn_len = strlen(dg_table[EF_DG5].filename) + 4 + 1; + char *fn = calloc(fn_len, sizeof(uint8_t)); if (fn == NULL) return PM3_EMALLOC; - sprintf(fn, "%s.%s", dg_table[EF_DG5].filename, (is_jpg) ? "jpg" : "jp2"); + snprintf(fn, fn_len * sizeof(uint8_t), "%s.%s", dg_table[EF_DG5].filename, (is_jpg) ? "jpg" : "jp2"); PrintAndLogEx(DEBUG, "image filename `" _YELLOW_("%s") "`", fn); diff --git a/client/src/cmdhfepa.c b/client/src/cmdhfepa.c index 4f230ea04..c676cc2f5 100644 --- a/client/src/cmdhfepa.c +++ b/client/src/cmdhfepa.c @@ -81,9 +81,11 @@ static int CmdHFEPACollectPACENonces(const char *Cmd) { PrintAndLogEx(FAILED, "Error in step %" PRId64 ", Return code: %" PRId64, resp.oldarg[0], resp.oldarg[1]); } else { size_t nonce_length = resp.oldarg[1]; + size_t nonce_length_bytes = 2 * nonce_length + 1; char *nonce = (char *) calloc(2 * nonce_length + 1, sizeof(uint8_t)); for (int j = 0; j < nonce_length; j++) { - sprintf(nonce + (2 * j), "%02X", resp.data.asBytes[j]); + int nonce_offset = 2 * j; + snprintf(nonce + nonce_offset, (nonce_length_bytes * sizeof(uint8_t)) - nonce_offset, "%02X", resp.data.asBytes[j]); } // print nonce PrintAndLogEx(SUCCESS, "Length: %zu, Nonce: %s", nonce_length, nonce); diff --git a/client/src/cmdhffido.c b/client/src/cmdhffido.c index f518be172..4609b93cb 100644 --- a/client/src/cmdhffido.c +++ b/client/src/cmdhffido.c @@ -372,11 +372,15 @@ static int CmdHFFidoRegister(const char *cmd) { PrintAndLogEx(INFO, ""); PrintAndLogEx(INFO, "auth command: "); char command[500] = {0}; - sprintf(command, "hf fido auth --kh %s", sprint_hex_inrow(&buf[67], keyHandleLen)); - if (chlen) - sprintf(command + strlen(command), " --%s %s", cpplain ? "cp" : "cpx", cpplain ? (char *)cdata : sprint_hex_inrow(cdata, 32)); - if (applen) - sprintf(command + strlen(command), " --%s %s", applain ? "cp" : "cpx", applain ? (char *)adata : sprint_hex_inrow(adata, 32)); + snprintf(command, sizeof(command), "hf fido auth --kh %s", sprint_hex_inrow(&buf[67], keyHandleLen)); + if (chlen) { + size_t command_len = strlen(command); + snprintf(command + command_len, sizeof(command) - command_len, " --%s %s", cpplain ? "cp" : "cpx", cpplain ? (char *)cdata : sprint_hex_inrow(cdata, 32)); + } + if (applen) { + size_t command_len = strlen(command); + snprintf(command + command_len, sizeof(command) - command_len, " --%s %s", applain ? "cp" : "cpx", applain ? (char *)adata : sprint_hex_inrow(adata, 32)); + } PrintAndLogEx(INFO, "%s", command); if (root) { diff --git a/client/src/cmdhflist.c b/client/src/cmdhflist.c index ae3f2fb81..04256eed8 100644 --- a/client/src/cmdhflist.c +++ b/client/src/cmdhflist.c @@ -1521,10 +1521,11 @@ static void mf_get_paritybinstr(char *s, uint32_t val, uint8_t par) { num_to_bytes(val, sizeof(uint32_t), foo); for (uint8_t i = 0; i < 4; i++) { if (oddparity8(foo[i]) != ((par >> (7 - (i & 0x0007))) & 0x01)) - sprintf(s++, "1"); + *(s++) = '1'; else - sprintf(s++, "0"); + *(s++) = '0'; } + s[0] = '\0'; } bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isResponse, uint8_t *mfData, size_t *mfDataLen, const uint64_t *dicKeys, uint32_t dicKeysCount) { diff --git a/client/src/cmdhflto.c b/client/src/cmdhflto.c index 136895c19..feed30cf3 100644 --- a/client/src/cmdhflto.c +++ b/client/src/cmdhflto.c @@ -683,8 +683,7 @@ static int CmdHfLTODump(const char *Cmd) { } if (strlen(filename) == 0) { - char *fptr = filename; - fptr += sprintf(fptr, "hf-lto-"); + char *fptr = filename + snprintf(filename, sizeof(filename), "hf-lto-"); FillFileNameByUID(fptr, dump, "-dump", 5); } saveFile(filename, ".bin", dump, dump_len); diff --git a/client/src/cmdhfmfhard.c b/client/src/cmdhfmfhard.c index f4ba72cbc..10e76e2d4 100644 --- a/client/src/cmdhfmfhard.c +++ b/client/src/cmdhfmfhard.c @@ -118,7 +118,7 @@ static void print_progress_header(void) { char progress_text[80]; char instr_set[12] = ""; get_SIMD_instruction_set(instr_set); - sprintf(progress_text, "Start using " _YELLOW_("%d") " threads and " _YELLOW_("%s") " SIMD core", num_CPUs(), instr_set); + snprintf(progress_text, sizeof(progress_text), "Start using " _YELLOW_("%d") " threads and " _YELLOW_("%s") " SIMD core", num_CPUs(), instr_set); PrintAndLogEx(INFO, "Hardnested attack starting..."); PrintAndLogEx(INFO, "---------+---------+---------------------------------------------------------+-----------------+-------"); @@ -136,13 +136,13 @@ void hardnested_print_progress(uint32_t nonces, const char *activity, float brut float brute_force_time = brute_force / brute_force_per_second; char brute_force_time_string[20]; if (brute_force_time < 90) { - sprintf(brute_force_time_string, "%2.0fs", brute_force_time); + snprintf(brute_force_time_string, sizeof(brute_force_time_string), "%2.0fs", brute_force_time); } else if (brute_force_time < 60 * 90) { - sprintf(brute_force_time_string, "%2.0fmin", brute_force_time / 60); + snprintf(brute_force_time_string, sizeof(brute_force_time_string), "%2.0fmin", brute_force_time / 60); } else if (brute_force_time < 60 * 60 * 36) { - sprintf(brute_force_time_string, "%2.0fh", brute_force_time / (60 * 60)); + snprintf(brute_force_time_string, sizeof(brute_force_time_string), "%2.0fh", brute_force_time / (60 * 60)); } else { - sprintf(brute_force_time_string, "%2.0fd", brute_force_time / (60 * 60 * 24)); + snprintf(brute_force_time_string, sizeof(brute_force_time_string), "%2.0fd", brute_force_time / (60 * 60 * 24)); } PrintAndLogEx(INFO, " %7.0f | %7u | %-55s | %15.0f | %5s", (float)total_time / 1000.0, nonces, activity, brute_force, brute_force_time_string); } @@ -263,9 +263,9 @@ static void init_bitflip_bitarrays(void) { bitflip_bitarrays[odd_even][bitflip] = NULL; count_bitflip_bitarrays[odd_even][bitflip] = 1 << 24; - sprintf(state_file_name, STATE_FILE_TEMPLATE, odd_even, bitflip); - strcpy(state_files_path, STATE_FILES_DIRECTORY); - strcat(state_files_path, state_file_name); + snprintf(state_file_name, sizeof(state_file_name), STATE_FILE_TEMPLATE, odd_even, bitflip); + strncpy(state_files_path, STATE_FILES_DIRECTORY, sizeof(state_files_path) - 1); + strncat(state_files_path, state_file_name, sizeof(state_files_path) - (strlen(STATE_FILES_DIRECTORY) + 1)); char *path; if (searchFile(&path, RESOURCES_SUBDIR, state_files_path, "", true) != PM3_SUCCESS) { @@ -371,7 +371,7 @@ static void init_bitflip_bitarrays(void) { } #endif char progress_text[80]; - sprintf(progress_text, "Using %d precalculated bitflip state tables", num_all_effective_bitflips); + snprintf(progress_text, sizeof(progress_text), "Using %d precalculated bitflip state tables", num_all_effective_bitflips); hardnested_print_progress(0, progress_text, (float)(1LL << 47), 0); } @@ -1080,9 +1080,9 @@ static int read_nonce_file(char *filename) { fclose(fnonces); char progress_string[80]; - sprintf(progress_string, "Read %u nonces from file. cuid = %08x", num_acquired_nonces, cuid); + snprintf(progress_string, sizeof(progress_string), "Read %u nonces from file. cuid = %08x", num_acquired_nonces, cuid); hardnested_print_progress(num_acquired_nonces, progress_string, (float)(1LL << 47), 0); - sprintf(progress_string, "Target Block=%d, Keytype=%c", trgBlockNo, trgKeyType == 0 ? 'A' : 'B'); + snprintf(progress_string, sizeof(progress_string), "Target Block=%d, Keytype=%c", trgBlockNo, trgKeyType == 0 ? 'A' : 'B'); hardnested_print_progress(num_acquired_nonces, progress_string, (float)(1LL << 47), 0); bool got_match = false; @@ -1311,7 +1311,7 @@ static int simulate_acquire_nonces(void) { } char progress_text[80]; - sprintf(progress_text, "Simulating key %012" PRIx64 ", cuid %08" PRIx32 " ...", known_target_key, cuid); + snprintf(progress_text, sizeof(progress_text), "Simulating key %012" PRIx64 ", cuid %08" PRIx32 " ...", known_target_key, cuid); hardnested_print_progress(0, progress_text, (float)(1LL << 47), 0); fprintf(fstats, "%012" PRIx64 ";%" PRIx32 ";", known_target_key, cuid); @@ -1353,7 +1353,7 @@ static int simulate_acquire_nonces(void) { acquisition_completed = shrink_key_space(&brute_force_depth); if (!reported_suma8) { char progress_string[80]; - sprintf(progress_string, "Apply Sum property. Sum(a0) = %d", sums[first_byte_Sum]); + snprintf(progress_string, sizeof(progress_string), "Apply Sum property. Sum(a0) = %d", sums[first_byte_Sum]); hardnested_print_progress(num_acquired_nonces, progress_string, brute_force_depth, 0); reported_suma8 = true; } else { @@ -1491,7 +1491,7 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ acquisition_completed = shrink_key_space(&brute_force_depth); if (!reported_suma8) { char progress_string[80]; - sprintf(progress_string, "Apply Sum property. Sum(a0) = %d", sums[first_byte_Sum]); + snprintf(progress_string, sizeof(progress_string), "Apply Sum property. Sum(a0) = %d", sums[first_byte_Sum]); hardnested_print_progress(num_acquired_nonces, progress_string, brute_force_depth, 0); reported_suma8 = true; } else { @@ -1662,7 +1662,7 @@ static inline bool bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_e #ifdef DEBUG_KEY_ELIMINATION if (!quiet && known_target_key != -1 && state == test_state[odd_even]) { PrintAndLogEx(INFO, "Initial state lists: " _YELLOW_("%s") " test state eliminated by bitflip property.", odd_even == EVEN_STATE ? "even" : "odd"); - sprintf(failstr, "Initial " _YELLOW_("%s") " byte Bitflip property", odd_even == EVEN_STATE ? "even" : "odd"); + snprintf(failstr, sizeof(failstr), "Initial " _YELLOW_("%s") " byte Bitflip property", odd_even == EVEN_STATE ? "even" : "odd"); } #endif return false; @@ -1713,7 +1713,7 @@ static bool all_bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_even byte2, num_common); if (failstr[0] == '\0') { - sprintf(failstr, "Other 1st Byte %s, all_bitflips_match(), no match", odd_even ? "odd" : "even"); + snprintf(failstr, sizeof(failstr), "Other 1st Byte %s, all_bitflips_match(), no match", odd_even ? "odd" : "even"); } } # endif @@ -2232,9 +2232,9 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc for (uint32_t i = 0; i < tests; i++) { start_time = msclock(); print_progress_header(); - sprintf(progress_text, "Brute force benchmark: %1.0f million (2^%1.1f) keys/s", brute_force_per_second / 1000000, log(brute_force_per_second) / log(2.0)); + snprintf(progress_text, sizeof(progress_text), "Brute force benchmark: %1.0f million (2^%1.1f) keys/s", brute_force_per_second / 1000000, log(brute_force_per_second) / log(2.0)); hardnested_print_progress(0, progress_text, (float)(1LL << 47), 0); - sprintf(progress_text, "Starting Test #%" PRIu32 " ...", i + 1); + snprintf(progress_text, sizeof(progress_text), "Starting Test #%" PRIu32 " ...", i + 1); hardnested_print_progress(0, progress_text, (float)(1LL << 47), 0); if (trgkey != NULL) { @@ -2298,10 +2298,10 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc prepare_bf_test_nonces(nonces, best_first_bytes[0]); for (uint8_t j = 0; j < NUM_SUMS && !key_found; j++) { float expected_brute_force = nonces[best_first_bytes[0]].expected_num_brute_force; - sprintf(progress_text, "(%d. guess: Sum(a8) = %" PRIu16 ")", j + 1, sums[nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx]); + snprintf(progress_text, sizeof(progress_text), "(%d. guess: Sum(a8) = %" PRIu16 ")", j + 1, sums[nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx]); hardnested_print_progress(num_acquired_nonces, progress_text, expected_brute_force, 0); if (sums[nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx] != real_sum_a8) { - sprintf(progress_text, "(Estimated Sum(a8) is WRONG! Correct Sum(a8) = %" PRIu16 ")", real_sum_a8); + snprintf(progress_text, sizeof(progress_text), "(Estimated Sum(a8) is WRONG! Correct Sum(a8) = %" PRIu16 ")", real_sum_a8); hardnested_print_progress(num_acquired_nonces, progress_text, expected_brute_force, 0); } generate_candidates(first_byte_Sum, nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx); @@ -2344,7 +2344,7 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc } else { start_time = msclock(); print_progress_header(); - sprintf(progress_text, "Brute force benchmark: %1.0f million (2^%1.1f) keys/s", brute_force_per_second / 1000000, log(brute_force_per_second) / log(2.0)); + snprintf(progress_text, sizeof(progress_text), "Brute force benchmark: %1.0f million (2^%1.1f) keys/s", brute_force_per_second / 1000000, log(brute_force_per_second) / log(2.0)); hardnested_print_progress(0, progress_text, (float)(1LL << 47), 0); init_bitflip_bitarrays(); init_part_sum_bitarrays(); @@ -2424,11 +2424,11 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc for (uint8_t j = 0; j < NUM_SUMS && !key_found; j++) { float expected_brute_force = nonces[best_first_bytes[0]].expected_num_brute_force; - sprintf(progress_text, "(%d. guess: Sum(a8) = %" PRIu16 ")", j + 1, sums[nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx]); + snprintf(progress_text, sizeof(progress_text), "(%d. guess: Sum(a8) = %" PRIu16 ")", j + 1, sums[nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx]); hardnested_print_progress(num_acquired_nonces, progress_text, expected_brute_force, 0); if (trgkey != NULL && sums[nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx] != real_sum_a8) { - sprintf(progress_text, "(Estimated Sum(a8) is WRONG! Correct Sum(a8) = %" PRIu16 ")", real_sum_a8); + snprintf(progress_text, sizeof(progress_text), "(Estimated Sum(a8) is WRONG! Correct Sum(a8) = %" PRIu16 ")", real_sum_a8); hardnested_print_progress(num_acquired_nonces, progress_text, expected_brute_force, 0); } diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index e110554d6..38c2b7d4a 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -103,23 +103,18 @@ static uint8_t UL_MEMORY_ARRAY[ARRAYLEN(UL_TYPES_ARRAY)] = { //------------------------------------ // get version nxp product type -static char *getProductTypeStr(uint8_t id) { - +static const char *getProductTypeStr(uint8_t id) { static char buf[20]; - char *retStr = buf; switch (id) { case 3: - sprintf(retStr, "%02X, Ultralight", id); - break; + return "Ultralight"; case 4: - sprintf(retStr, "%02X, NTAG", id); - break; + return "NTAG"; default: - sprintf(retStr, "%02X, unknown", id); - break; + snprintf(buf, sizeof(buf), "%02X, unknown", id); + return buf; } - return buf; } static int ul_print_nxp_silicon_info(uint8_t *card_uid) { @@ -160,10 +155,9 @@ static int ul_print_nxp_silicon_info(uint8_t *card_uid) { the LSBit is set to '0' if the size is exactly 2^n and set to '1' if the storage size is between 2^n and 2^(n+1). */ -static char *getUlev1CardSizeStr(uint8_t fsize) { +static const char *getUlev1CardSizeStr(uint8_t fsize) { static char buf[40]; - char *retStr = buf; memset(buf, 0, sizeof(buf)); uint16_t usize = 1 << ((fsize >> 1) + 1); @@ -171,9 +165,9 @@ static char *getUlev1CardSizeStr(uint8_t fsize) { // is LSB set? if (fsize & 1) - sprintf(retStr, "%02X, (%u <-> %u bytes)", fsize, usize, lsize); + snprintf(buf, sizeof(buf), "%02X, (%u <-> %u bytes)", fsize, usize, lsize); else - sprintf(retStr, "%02X, (%u bytes)", fsize, lsize); + snprintf(buf, sizeof(buf), "%02X, (%u bytes)", fsize, lsize); return buf; } @@ -551,34 +545,38 @@ static int ndef_print_CC(uint8_t *data) { uint8_t cc_minor = (data[1] & 0x30) >> 4; uint8_t cc_major = (data[1] & 0xC0) >> 6; - char wStr[50]; - memset(wStr, 0, sizeof(wStr)); + const char *wStr; switch (cc_write) { case 0: - sprintf(wStr, "Write access granted without any security"); + wStr = "Write access granted without any security"; break; case 1: - sprintf(wStr, "RFU"); + wStr = "RFU"; break; case 2: - sprintf(wStr, "Proprietary"); + wStr = "Proprietary"; break; case 3: - sprintf(wStr, "No write access"); + wStr = "No write access"; + break; + default: + wStr = "Unknown"; break; } - char rStr[46]; - memset(rStr, 0, sizeof(rStr)); + const char *rStr; switch (cc_read) { case 0: - sprintf(rStr, "Read access granted without any security"); + rStr = "Read access granted without any security"; break; case 1: case 3: - sprintf(rStr, "RFU"); + rStr = "RFU"; break; case 2: - sprintf(rStr, "Proprietary"); + rStr = "Proprietary"; + break; + default: + rStr = "Unknown"; break; } @@ -1329,7 +1327,7 @@ static int mfu_fingerprint(TagTypeUL_t tagtype, bool hasAuthKey, uint8_t *authke if (item->Pwd) { char s[40] = {0}; - sprintf(s, item->hint, item->Pwd(uid)); + snprintf(s, sizeof(s), item->hint, item->Pwd(uid)); PrintAndLogEx(HINT, "Use `" _YELLOW_("%s") "`", s); } else { PrintAndLogEx(HINT, "Use `" _YELLOW_("%s") "`", item->hint); @@ -2708,12 +2706,13 @@ static int CmdHF14AMfUeLoad(const char *Cmd) { CLIExecWithReturn(ctx, Cmd, argtable, false); CLIParserFree(ctx); - char *nc = calloc(strlen(Cmd) + 6, 1); + size_t nc_len = strlen(Cmd) + 6; + char *nc = calloc(nc_len, 1); if (nc == NULL) { return CmdHF14AMfELoad(Cmd); } - sprintf(nc, "%s --ul", Cmd); + snprintf(nc, nc_len, "%s --ul", Cmd); int res = CmdHF14AMfELoad(nc); free(nc); @@ -3913,10 +3912,10 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) { PrintAndLogEx(INFO, "hf 14a raw -s -c 3e00 --> read tearing 0"); PrintAndLogEx(NORMAL, ""); char read_cnt_str[30]; - sprintf(read_cnt_str, "hf 14a raw -s -c 39%02x", counter); + snprintf(read_cnt_str, sizeof(read_cnt_str), "hf 14a raw -s -c 39%02x", counter); CommandReceived(read_cnt_str); char read_tear_str[30]; - sprintf(read_tear_str, "hf 14a raw -s -c 3e%02x", counter); + snprintf(read_tear_str, sizeof(read_tear_str), "hf 14a raw -s -c 3e%02x", counter); CommandReceived(read_tear_str); return PM3_SUCCESS; } diff --git a/client/src/cmdhfst.c b/client/src/cmdhfst.c index 28cfce0d4..6310b0b2f 100644 --- a/client/src/cmdhfst.c +++ b/client/src/cmdhfst.c @@ -23,55 +23,37 @@ #define TIMEOUT 2000 // get ST Microelectronics chip model (from UID) -char *get_st_chip_model(uint8_t pc) { - static char model[40]; - char *s = model; - memset(model, 0, sizeof(model)); +const char *get_st_chip_model(uint8_t pc) { switch (pc) { case 0x0: - sprintf(s, "SRIX4K (Special)"); - break; + return "SRIX4K (Special)"; case 0x2: - sprintf(s, "SR176"); - break; + return "SR176"; case 0x3: - sprintf(s, "SRIX4K"); - break; + return "SRIX4K"; case 0x4: - sprintf(s, "SRIX512"); - break; + return "SRIX512"; case 0x6: - sprintf(s, "SRI512"); - break; + return "SRI512"; case 0x7: - sprintf(s, "SRI4K"); - break; + return "SRI4K"; case 0xC: - sprintf(s, "SRT512"); - break; + return "SRT512"; case 0xC4: - sprintf(s, "ST25TA64K"); - break; + return "ST25TA64K"; case 0xE2: - sprintf(s, "ST25??? IKEA Rothult"); - break; + return "ST25??? IKEA Rothult"; case 0xE3: - sprintf(s, "ST25TA02KB"); - break; + return "ST25TA02KB"; case 0xE4: - sprintf(s, "ST25TA512B"); - break; + return "ST25TA512B"; case 0xA3: - sprintf(s, "ST25TA02KB-P"); - break; + return "ST25TA02KB-P"; case 0xF3: - sprintf(s, "ST25TA02KB-D"); - break; - default : - sprintf(s, "Unknown"); - break; + return "ST25TA02KB-D"; + default: + return "Unknown"; } - return s; } /* // print UID info from SRx chips (ST Microelectronics) diff --git a/client/src/cmdhfst.h b/client/src/cmdhfst.h index 4cf250076..2e8c3862e 100644 --- a/client/src/cmdhfst.h +++ b/client/src/cmdhfst.h @@ -21,6 +21,6 @@ #include "common.h" -char *get_st_chip_model(uint8_t pc); +const char *get_st_chip_model(uint8_t pc); #endif diff --git a/client/src/cmdhftopaz.c b/client/src/cmdhftopaz.c index b0834a4fc..778471b99 100644 --- a/client/src/cmdhftopaz.c +++ b/client/src/cmdhftopaz.c @@ -388,7 +388,8 @@ static void topaz_print_dynamic_data(void) { uint8_t *block_data = &topaz_tag.dynamic_memory[(blockno - 0x0F) * 8]; char lockbits[9]; for (uint16_t j = 0; j < 8; j++) { - sprintf(&line[3 * j], "%02x ", block_data[j]); + int offset = 3 * j; + snprintf(line + offset, sizeof(line) - offset, "%02x ", block_data[j]); lockbits[j] = topaz_byte_is_locked(blockno * 8 + j) ? 'y' : 'n'; } lockbits[8] = '\0'; @@ -458,7 +459,8 @@ int CmdHFTopazInfo(const char *Cmd) { for (uint16_t i = 0; i <= 0x0c; i++) { char lockbits[9]; for (uint16_t j = 0; j < 8; j++) { - sprintf(&line[3 * j], "%02x ", topaz_tag.data_blocks[i][j] /*rall_response[2 + 8*i + j]*/); + int offset = 3 * j; + snprintf(line + offset, sizeof(line) - offset, "%02x ", topaz_tag.data_blocks[i][j] /*rall_response[2 + 8*i + j]*/); lockbits[j] = topaz_byte_is_locked(i * 8 + j) ? 'y' : 'n'; } lockbits[8] = '\0'; @@ -468,7 +470,8 @@ int CmdHFTopazInfo(const char *Cmd) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(SUCCESS, "Static Reserved block " _YELLOW_("0x0D")":"); for (uint16_t j = 0; j < 8; j++) { - sprintf(&line[3 * j], "%02x ", topaz_tag.data_blocks[0x0d][j]); + int offset = 3 * j; + snprintf(line + offset, sizeof(line) - offset, "%02x ", topaz_tag.data_blocks[0x0d][j]); } PrintAndLogEx(NORMAL, "-------+--------+-------------------------+------------"); PrintAndLogEx(NORMAL, " 0x%02x | 0x%02x | %s| %-3s", 0x0d, 0x0d * 8, line, "n/a"); @@ -476,7 +479,8 @@ int CmdHFTopazInfo(const char *Cmd) { PrintAndLogEx(SUCCESS, "Static Lockbits and OTP Bytes:"); for (uint16_t j = 0; j < 8; j++) { - sprintf(&line[3 * j], "%02x ", topaz_tag.data_blocks[0x0e][j]); + int offset = 3 * j; + snprintf(line + offset, sizeof(line) - offset, "%02x ", topaz_tag.data_blocks[0x0e][j]); } PrintAndLogEx(NORMAL, "-------+--------+-------------------------+------------"); PrintAndLogEx(NORMAL, " 0x%02x | 0x%02x | %s| %-3s", 0x0e, 0x0e * 8, line, "n/a"); diff --git a/client/src/cmdhw.c b/client/src/cmdhw.c index d860fcf99..70f58516a 100644 --- a/client/src/cmdhw.c +++ b/client/src/cmdhw.c @@ -37,62 +37,64 @@ static int CmdHelp(const char *Cmd); static void lookup_chipid_short(uint32_t iChipID, uint32_t mem_used) { - char asBuff[120]; - memset(asBuff, 0, sizeof(asBuff)); + const char *asBuff; switch (iChipID) { case 0x270B0A40: - sprintf(asBuff, "AT91SAM7S512 Rev A"); + asBuff = "AT91SAM7S512 Rev A"; break; case 0x270B0A4F: - sprintf(asBuff, "AT91SAM7S512 Rev B"); + asBuff = "AT91SAM7S512 Rev B"; break; case 0x270D0940: - sprintf(asBuff, "AT91SAM7S256 Rev A"); + asBuff = "AT91SAM7S256 Rev A"; break; case 0x270B0941: - sprintf(asBuff, "AT91SAM7S256 Rev B"); + asBuff = "AT91SAM7S256 Rev B"; break; case 0x270B0942: - sprintf(asBuff, "AT91SAM7S256 Rev C"); + asBuff = "AT91SAM7S256 Rev C"; break; case 0x270B0943: - sprintf(asBuff, "AT91SAM7S256 Rev D"); + asBuff = "AT91SAM7S256 Rev D"; break; case 0x270C0740: - sprintf(asBuff, "AT91SAM7S128 Rev A"); + asBuff = "AT91SAM7S128 Rev A"; break; case 0x270A0741: - sprintf(asBuff, "AT91SAM7S128 Rev B"); + asBuff = "AT91SAM7S128 Rev B"; break; case 0x270A0742: - sprintf(asBuff, "AT91SAM7S128 Rev C"); + asBuff = "AT91SAM7S128 Rev C"; break; case 0x270A0743: - sprintf(asBuff, "AT91SAM7S128 Rev D"); + asBuff = "AT91SAM7S128 Rev D"; break; case 0x27090540: - sprintf(asBuff, "AT91SAM7S64 Rev A"); + asBuff = "AT91SAM7S64 Rev A"; break; case 0x27090543: - sprintf(asBuff, "AT91SAM7S64 Rev B"); + asBuff = "AT91SAM7S64 Rev B"; break; case 0x27090544: - sprintf(asBuff, "AT91SAM7S64 Rev C"); + asBuff = "AT91SAM7S64 Rev C"; break; case 0x27080342: - sprintf(asBuff, "AT91SAM7S321 Rev A"); + asBuff = "AT91SAM7S321 Rev A"; break; case 0x27080340: - sprintf(asBuff, "AT91SAM7S32 Rev A"); + asBuff = "AT91SAM7S32 Rev A"; break; case 0x27080341: - sprintf(asBuff, "AT91SAM7S32 Rev B"); + asBuff = "AT91SAM7S32 Rev B"; break; case 0x27050241: - sprintf(asBuff, "AT9SAM7S161 Rev A"); + asBuff = "AT9SAM7S161 Rev A"; break; case 0x27050240: - sprintf(asBuff, "AT91SAM7S16 Rev A"); + asBuff = "AT91SAM7S16 Rev A"; + break; + default: + asBuff = "Unknown"; break; } PrintAndLogEx(NORMAL, " MCU....... " _YELLOW_("%s"), asBuff); @@ -140,210 +142,224 @@ static void lookup_chipid_short(uint32_t iChipID, uint32_t mem_used) { } static void lookupChipID(uint32_t iChipID, uint32_t mem_used) { - char asBuff[120]; - memset(asBuff, 0, sizeof(asBuff)); + const char *asBuff; uint32_t mem_avail = 0; PrintAndLogEx(NORMAL, "\n [ " _YELLOW_("Hardware") " ]"); switch (iChipID) { case 0x270B0A40: - sprintf(asBuff, "AT91SAM7S512 Rev A"); + asBuff = "AT91SAM7S512 Rev A"; break; case 0x270B0A4F: - sprintf(asBuff, "AT91SAM7S512 Rev B"); + asBuff = "AT91SAM7S512 Rev B"; break; case 0x270D0940: - sprintf(asBuff, "AT91SAM7S256 Rev A"); + asBuff = "AT91SAM7S256 Rev A"; break; case 0x270B0941: - sprintf(asBuff, "AT91SAM7S256 Rev B"); + asBuff = "AT91SAM7S256 Rev B"; break; case 0x270B0942: - sprintf(asBuff, "AT91SAM7S256 Rev C"); + asBuff = "AT91SAM7S256 Rev C"; break; case 0x270B0943: - sprintf(asBuff, "AT91SAM7S256 Rev D"); + asBuff = "AT91SAM7S256 Rev D"; break; case 0x270C0740: - sprintf(asBuff, "AT91SAM7S128 Rev A"); + asBuff = "AT91SAM7S128 Rev A"; break; case 0x270A0741: - sprintf(asBuff, "AT91SAM7S128 Rev B"); + asBuff = "AT91SAM7S128 Rev B"; break; case 0x270A0742: - sprintf(asBuff, "AT91SAM7S128 Rev C"); + asBuff = "AT91SAM7S128 Rev C"; break; case 0x270A0743: - sprintf(asBuff, "AT91SAM7S128 Rev D"); + asBuff = "AT91SAM7S128 Rev D"; break; case 0x27090540: - sprintf(asBuff, "AT91SAM7S64 Rev A"); + asBuff = "AT91SAM7S64 Rev A"; break; case 0x27090543: - sprintf(asBuff, "AT91SAM7S64 Rev B"); + asBuff = "AT91SAM7S64 Rev B"; break; case 0x27090544: - sprintf(asBuff, "AT91SAM7S64 Rev C"); + asBuff = "AT91SAM7S64 Rev C"; break; case 0x27080342: - sprintf(asBuff, "AT91SAM7S321 Rev A"); + asBuff = "AT91SAM7S321 Rev A"; break; case 0x27080340: - sprintf(asBuff, "AT91SAM7S32 Rev A"); + asBuff = "AT91SAM7S32 Rev A"; break; case 0x27080341: - sprintf(asBuff, "AT91SAM7S32 Rev B"); + asBuff = "AT91SAM7S32 Rev B"; break; case 0x27050241: - sprintf(asBuff, "AT9SAM7S161 Rev A"); + asBuff = "AT9SAM7S161 Rev A"; break; case 0x27050240: - sprintf(asBuff, "AT91SAM7S16 Rev A"); + asBuff = "AT91SAM7S16 Rev A"; + break; + default: + asBuff = "Unknown"; break; } PrintAndLogEx(NORMAL, " --= uC: " _YELLOW_("%s"), asBuff); switch ((iChipID & 0xE0) >> 5) { case 1: - sprintf(asBuff, "ARM946ES"); + asBuff = "ARM946ES"; break; case 2: - sprintf(asBuff, "ARM7TDMI"); + asBuff = "ARM7TDMI"; break; case 4: - sprintf(asBuff, "ARM920T"); + asBuff = "ARM920T"; break; case 5: - sprintf(asBuff, "ARM926EJS"); + asBuff = "ARM926EJS"; + break; + default: + asBuff = "Unknown"; break; } PrintAndLogEx(NORMAL, " --= Embedded Processor: %s", asBuff); switch ((iChipID & 0xF0000) >> 16) { case 1: - sprintf(asBuff, "1K bytes"); + asBuff = "1K bytes"; break; case 2: - sprintf(asBuff, "2K bytes"); + asBuff = "2K bytes"; break; case 3: - sprintf(asBuff, "6K bytes"); + asBuff = "6K bytes"; break; case 4: - sprintf(asBuff, "112K bytes"); + asBuff = "112K bytes"; break; case 5: - sprintf(asBuff, "4K bytes"); + asBuff = "4K bytes"; break; case 6: - sprintf(asBuff, "80K bytes"); + asBuff = "80K bytes"; break; case 7: - sprintf(asBuff, "160K bytes"); + asBuff = "160K bytes"; break; case 8: - sprintf(asBuff, "8K bytes"); + asBuff = "8K bytes"; break; case 9: - sprintf(asBuff, "16K bytes"); + asBuff = "16K bytes"; break; case 10: - sprintf(asBuff, "32K bytes"); + asBuff = "32K bytes"; break; case 11: - sprintf(asBuff, "64K bytes"); + asBuff = "64K bytes"; break; case 12: - sprintf(asBuff, "128K bytes"); + asBuff = "128K bytes"; break; case 13: - sprintf(asBuff, "256K bytes"); + asBuff = "256K bytes"; break; case 14: - sprintf(asBuff, "96K bytes"); + asBuff = "96K bytes"; break; case 15: - sprintf(asBuff, "512K bytes"); + asBuff = "512K bytes"; + break; + default: + asBuff = "Unknown"; break; } PrintAndLogEx(NORMAL, " --= Internal SRAM size: %s", asBuff); switch ((iChipID & 0xFF00000) >> 20) { case 0x19: - sprintf(asBuff, "AT91SAM9xx Series"); + asBuff = "AT91SAM9xx Series"; break; case 0x29: - sprintf(asBuff, "AT91SAM9XExx Series"); + asBuff = "AT91SAM9XExx Series"; break; case 0x34: - sprintf(asBuff, "AT91x34 Series"); + asBuff = "AT91x34 Series"; break; case 0x37: - sprintf(asBuff, "CAP7 Series"); + asBuff = "CAP7 Series"; break; case 0x39: - sprintf(asBuff, "CAP9 Series"); + asBuff = "CAP9 Series"; break; case 0x3B: - sprintf(asBuff, "CAP11 Series"); + asBuff = "CAP11 Series"; break; case 0x40: - sprintf(asBuff, "AT91x40 Series"); + asBuff = "AT91x40 Series"; break; case 0x42: - sprintf(asBuff, "AT91x42 Series"); + asBuff = "AT91x42 Series"; break; case 0x55: - sprintf(asBuff, "AT91x55 Series"); + asBuff = "AT91x55 Series"; break; case 0x60: - sprintf(asBuff, "AT91SAM7Axx Series"); + asBuff = "AT91SAM7Axx Series"; break; case 0x61: - sprintf(asBuff, "AT91SAM7AQxx Series"); + asBuff = "AT91SAM7AQxx Series"; break; case 0x63: - sprintf(asBuff, "AT91x63 Series"); + asBuff = "AT91x63 Series"; break; case 0x70: - sprintf(asBuff, "AT91SAM7Sxx Series"); + asBuff = "AT91SAM7Sxx Series"; break; case 0x71: - sprintf(asBuff, "AT91SAM7XCxx Series"); + asBuff = "AT91SAM7XCxx Series"; break; case 0x72: - sprintf(asBuff, "AT91SAM7SExx Series"); + asBuff = "AT91SAM7SExx Series"; break; case 0x73: - sprintf(asBuff, "AT91SAM7Lxx Series"); + asBuff = "AT91SAM7Lxx Series"; break; case 0x75: - sprintf(asBuff, "AT91SAM7Xxx Series"); + asBuff = "AT91SAM7Xxx Series"; break; case 0x92: - sprintf(asBuff, "AT91x92 Series"); + asBuff = "AT91x92 Series"; break; case 0xF0: - sprintf(asBuff, "AT75Cxx Series"); + asBuff = "AT75Cxx Series"; + break; + default: + asBuff = "Unknown"; break; } PrintAndLogEx(NORMAL, " --= Architecture identifier: %s", asBuff); switch ((iChipID & 0x70000000) >> 28) { case 0: - sprintf(asBuff, "ROM"); + asBuff = "ROM"; break; case 1: - sprintf(asBuff, "ROMless or on-chip Flash"); + asBuff = "ROMless or on-chip Flash"; break; case 2: - sprintf(asBuff, "Embedded flash memory"); + asBuff = "Embedded flash memory"; break; case 3: - sprintf(asBuff, "ROM and Embedded flash memory\nNVPSIZ is ROM size\nNVPSIZ2 is Flash size"); + asBuff = "ROM and Embedded flash memory\nNVPSIZ is ROM size\nNVPSIZ2 is Flash size"; break; case 4: - sprintf(asBuff, "SRAM emulating ROM"); + asBuff = "SRAM emulating ROM"; + break; + default: + asBuff = "Unknown"; break; } switch ((iChipID & 0xF00) >> 8) { @@ -388,34 +404,34 @@ static void lookupChipID(uint32_t iChipID, uint32_t mem_used) { /* switch ((iChipID & 0xF000) >> 12) { case 0: - sprintf(asBuff, "None"); + asBuff = "None"); break; case 1: - sprintf(asBuff, "8K bytes"); + asBuff = "8K bytes"); break; case 2: - sprintf(asBuff, "16K bytes"); + asBuff = "16K bytes"); break; case 3: - sprintf(asBuff, "32K bytes"); + asBuff = "32K bytes"); break; case 5: - sprintf(asBuff, "64K bytes"); + asBuff = "64K bytes"); break; case 7: - sprintf(asBuff, "128K bytes"); + asBuff = "128K bytes"); break; case 9: - sprintf(asBuff, "256K bytes"); + asBuff = "256K bytes"); break; case 10: - sprintf(asBuff, "512K bytes"); + asBuff = "512K bytes"); break; case 12: - sprintf(asBuff, "1024K bytes"); + asBuff = "1024K bytes"); break; case 14: - sprintf(asBuff, "2048K bytes"); + asBuff = "2048K bytes"); break; } PrintAndLogEx(NORMAL, " --= Second nonvolatile program memory size: %s", asBuff); @@ -464,22 +480,25 @@ static int CmdDbg(const char *Cmd) { } uint8_t curr = resp.data.asBytes[0]; - char dbglvlstr[20] = {0}; + const char* dbglvlstr; switch (curr) { case DBG_NONE: - sprintf(dbglvlstr, "none"); + dbglvlstr = "none"; break; case DBG_ERROR: - sprintf(dbglvlstr, "error"); + dbglvlstr = "error"; break; case DBG_INFO: - sprintf(dbglvlstr, "info"); + dbglvlstr = "info"; break; case DBG_DEBUG: - sprintf(dbglvlstr, "debug"); + dbglvlstr = "debug"; break; case DBG_EXTENDED: - sprintf(dbglvlstr, "extended"); + dbglvlstr = "extended"; + break; + default: + dbglvlstr = "unknown"; break; } PrintAndLogEx(INFO, " Current debug log level..... %d ( " _YELLOW_("%s")" )", curr, dbglvlstr); diff --git a/client/src/cmdlf.c b/client/src/cmdlf.c index 986d15cc1..848f6cab0 100644 --- a/client/src/cmdlf.c +++ b/client/src/cmdlf.c @@ -234,7 +234,7 @@ int CmdLFCommandRead(const char *Cmd) { ); char div_str[70] = {0}; - sprintf(div_str, "Extra symbol definition and duration (up to %i)", LF_CMDREAD_MAX_EXTRA_SYMBOLS); + snprintf(div_str, sizeof(div_str), "Extra symbol definition and duration (up to %i)", LF_CMDREAD_MAX_EXTRA_SYMBOLS); void *argtable[] = { arg_param_begin, @@ -571,7 +571,7 @@ int CmdLFConfig(const char *Cmd) { ); char div_str[70] = {0}; - sprintf(div_str, "Manually set freq divisor. %d -> 134 kHz, %d -> 125 kHz", LF_DIVISOR_134, LF_DIVISOR_125); + snprintf(div_str, sizeof(div_str), "Manually set freq divisor. %d -> 134 kHz, %d -> 125 kHz", LF_DIVISOR_134, LF_DIVISOR_125); void *argtable[] = { arg_param_begin, diff --git a/client/src/cmdlfem4x05.c b/client/src/cmdlfem4x05.c index 1dff74de0..8998e270c 100644 --- a/client/src/cmdlfem4x05.c +++ b/client/src/cmdlfem4x05.c @@ -698,11 +698,11 @@ int CmdEM4x05Dump(const char *Cmd) { if (strcmp(filename, "") == 0) { if (card_type == EM_4369) { - sprintf(filename, "lf-4369-%08X-dump", BSWAP_32(data[1])); + snprintf(filename, sizeof(filename), "lf-4369-%08X-dump", BSWAP_32(data[1])); } else if (card_type == EM_4469) { - sprintf(filename, "lf-4469-%08X-dump", BSWAP_32(data[1])); + snprintf(filename, sizeof(filename), "lf-4469-%08X-dump", BSWAP_32(data[1])); } else { - sprintf(filename, "lf-4x05-%08X-dump", BSWAP_32(data[1])); + snprintf(filename, sizeof(filename), "lf-4x05-%08X-dump", BSWAP_32(data[1])); } } @@ -1993,7 +1993,7 @@ int CmdEM4x05Sniff(const char *Cmd) { bool fwd = arg_get_lit(ctx, 2); CLIParserFree(ctx); - char cmdText[100]; + const char* cmdText; char dataText[100]; char blkAddr[4]; char bits[80]; @@ -2048,7 +2048,7 @@ int CmdEM4x05Sniff(const char *Cmd) { if ((CycleWidth > 300) || (CycleWidth < (ZeroWidth - 5))) { // to long or too short eop = true; bits[bitidx++] = '0'; // Append last zero from the last bit find - cmdText[0] = 0; + cmdText = ""; // EM4305 command lengths // Login 0011 => 4 + 45 => 49 @@ -2074,53 +2074,53 @@ int CmdEM4x05Sniff(const char *Cmd) { if ((strncmp(bits, "0011", 4) == 0) && (bitidx == 49)) { haveData = true; pwd = true; - sprintf(cmdText, "Logon"); - sprintf(blkAddr, " "); + cmdText = "Logon"; + strncpy(blkAddr, " ", sizeof(blkAddr)); tmpValue = em4x05_Sniff_GetBlock(&bits[4], fwd); - sprintf(dataText, "%08X", tmpValue); + snprintf(dataText, sizeof(dataText), "%08X", tmpValue); } // write if ((strncmp(bits, "0101", 4) == 0) && (bitidx == 56)) { haveData = true; - sprintf(cmdText, "Write"); + cmdText = "Write"; tmpValue = (bits[4] - '0') + ((bits[5] - '0') << 1) + ((bits[6] - '0') << 2) + ((bits[7] - '0') << 3); - sprintf(blkAddr, "%u", tmpValue); + snprintf(blkAddr, sizeof(blkAddr), "%u", tmpValue); if (tmpValue == 2) { pwd = true; } tmpValue = em4x05_Sniff_GetBlock(&bits[11], fwd); - sprintf(dataText, "%08X", tmpValue); + snprintf(dataText, sizeof(dataText), "%08X", tmpValue); } // read if ((strncmp(bits, "1001", 4) == 0) && (bitidx == 11)) { haveData = true; pwd = false; - sprintf(cmdText, "Read"); + cmdText = "Read"; tmpValue = (bits[4] - '0') + ((bits[5] - '0') << 1) + ((bits[6] - '0') << 2) + ((bits[7] - '0') << 3); - sprintf(blkAddr, "%u", tmpValue); - sprintf(dataText, " "); + snprintf(blkAddr, sizeof(blkAddr), "%u", tmpValue); + strncpy(dataText, " ", sizeof(dataText)); } // protect if ((strncmp(bits, "1100", 4) == 0) && (bitidx == 49)) { haveData = true; pwd = false; - sprintf(cmdText, "Protect"); - sprintf(blkAddr, " "); + cmdText = "Protect"; + strncpy(blkAddr, " ", sizeof(blkAddr)); tmpValue = em4x05_Sniff_GetBlock(&bits[11], fwd); - sprintf(dataText, "%08X", tmpValue); + snprintf(dataText, sizeof(dataText), "%08X", tmpValue); } // disable if ((strncmp(bits, "1010", 4) == 0) && (bitidx == 49)) { haveData = true; pwd = false; - sprintf(cmdText, "Disable"); - sprintf(blkAddr, " "); + cmdText = "Disable"; + strncpy(blkAddr, " ", sizeof(blkAddr)); tmpValue = em4x05_Sniff_GetBlock(&bits[11], fwd); - sprintf(dataText, "%08X", tmpValue); + snprintf(dataText, sizeof(dataText), "%08X", tmpValue); } // bits[bitidx] = 0; diff --git a/client/src/cmdlfem4x50.c b/client/src/cmdlfem4x50.c index e12627d1b..b734ad89f 100644 --- a/client/src/cmdlfem4x50.c +++ b/client/src/cmdlfem4x50.c @@ -50,31 +50,32 @@ static void print_result(const em4x50_word_t *words, int fwr, int lwr) { for (int i = fwr; i <= lwr; i++) { - char s[50] = {0}; + const char* s; switch (i) { case EM4X50_DEVICE_PASSWORD: - sprintf(s, _YELLOW_("password, write only")); + s = _YELLOW_("password, write only"); break; case EM4X50_PROTECTION: - sprintf(s, _YELLOW_("protection cfg (locked)")); + s = _YELLOW_("protection cfg (locked)"); break; case EM4X50_CONTROL: - sprintf(s, _YELLOW_("control cfg (locked)")); + s = _YELLOW_("control cfg (locked)"); break; case EM4X50_DEVICE_SERIAL: - sprintf(s, _YELLOW_("device serial number (read only)")); + s = _YELLOW_("device serial number (read only)"); break; case EM4X50_DEVICE_ID: - sprintf(s, _YELLOW_("device identification (read only)")); + s = _YELLOW_("device identification (read only)"); break; default: - sprintf(s, "user data"); + s = "user data"; break; } char r[30] = {0}; for (int j = 3; j >= 0; j--) { - sprintf(r + strlen(r), "%02x ", reflect8(words[i].byte[j])); + int offset = strlen(r); + snprintf(r + offset, sizeof(r) - offset, "%02x ", reflect8(words[i].byte[j])); } PrintAndLogEx(INFO, " %2i | " _GREEN_("%s") "| %s| %s", @@ -708,7 +709,8 @@ int CmdEM4x50Reader(const char *Cmd) { char r[30]; memset(r, 0, sizeof(r)); for (int j = 3; j >= 0; j--) { - sprintf(r + strlen(r), "%02x ", reflect8(words[i].byte[j])); + int offset = strlen(r); + snprintf(r + offset, sizeof(r) - offset, "%02x ", reflect8(words[i].byte[j])); } PrintAndLogEx(INFO, _GREEN_(" %s") "| %s", sprint_hex(words[i].byte, 4), r); @@ -786,8 +788,7 @@ int CmdEM4x50Dump(const char *Cmd) { // user supplied filename? if (fnLen == 0) { PrintAndLogEx(INFO, "Using UID as filename"); - char *fptr = filename; - fptr += sprintf(fptr, "lf-4x50-"); + char *fptr = filename + snprintf(filename, sizeof(filename), "lf-4x50-"); FillFileNameByUID(fptr, words[EM4X50_DEVICE_ID].byte, "-dump", 4); } @@ -1083,8 +1084,7 @@ int CmdEM4x50Restore(const char *Cmd) { if (uidLen) { PrintAndLogEx(INFO, "Using UID as filename"); - char *fptr = filename; - fptr += sprintf(fptr, "lf-4x50-"); + char *fptr = filename + snprintf(filename, sizeof(filename), "lf-4x50-"); FillFileNameByUID(fptr, uid, "-dump", 4); } diff --git a/client/src/cmdlfhitag.c b/client/src/cmdlfhitag.c index 539bda10a..4f891ffda 100644 --- a/client/src/cmdlfhitag.c +++ b/client/src/cmdlfhitag.c @@ -156,11 +156,12 @@ static int CmdLFHitagList(const char *Cmd) { int j; for (j = 0; j < len; j++) { + int offset = j * 4; //if((parityBits >> (len - j - 1)) & 0x01) { if (isResponse && (oddparity8(frame[j]) != ((parityBits >> (len - j - 1)) & 0x01))) { - sprintf(line + (j * 4), "%02x! ", frame[j]); + snprintf(line + offset, sizeof(line) - offset, "%02x! ", frame[j]); } else { - sprintf(line + (j * 4), "%02x ", frame[j]); + snprintf(line + offset, sizeof(line) - offset, "%02x ", frame[j]); } } @@ -853,8 +854,7 @@ static int CmdLFHitag2Dump(const char *Cmd) { PacketResponseNG resp; uint8_t *data = resp.data.asBytes; if (fnlen < 1) { - char *fptr = filename; - fptr += sprintf(fptr, "lf-hitag-"); + char *fptr = filename + snprintf(filename, sizeof(filename), "lf-hitag-"); FillFileNameByUID(fptr, data, "-dump", 4); } diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index 560582a11..2af8f18b7 100644 --- a/client/src/cmdlft55xx.c +++ b/client/src/cmdlft55xx.c @@ -78,16 +78,18 @@ void Set_t55xx_Config(t55xx_conf_block_t conf) { static int CmdHelp(const char *Cmd); static void arg_add_t55xx_downloadlink(void *at[], uint8_t *idx, uint8_t show, uint8_t dl_mode_def) { + const size_t r_count = 56; + const size_t r_len = r_count * sizeof(uint8_t); - char *r0 = (char *)calloc(56, sizeof(uint8_t)); - char *r1 = (char *)calloc(56, sizeof(uint8_t)); - char *r2 = (char *)calloc(56, sizeof(uint8_t)); - char *r3 = (char *)calloc(56, sizeof(uint8_t)); + char *r0 = (char *)calloc(r_count, sizeof(uint8_t)); + char *r1 = (char *)calloc(r_count, sizeof(uint8_t)); + char *r2 = (char *)calloc(r_count, sizeof(uint8_t)); + char *r3 = (char *)calloc(r_count, sizeof(uint8_t)); - sprintf(r0, "downlink - fixed bit length %s", (dl_mode_def == 0) ? "(detected def)" : ""); - sprintf(r1, "downlink - long leading reference %s", (dl_mode_def == 1) ? "(detected def)" : ""); - sprintf(r2, "downlink - leading zero %s", (dl_mode_def == 2) ? "(detected def)" : ""); - sprintf(r3, "downlink - 1 of 4 coding reference %s", (dl_mode_def == 3) ? "(detected def)" : ""); + snprintf(r0, r_len, "downlink - fixed bit length %s", (dl_mode_def == 0) ? "(detected def)" : ""); + snprintf(r1, r_len, "downlink - long leading reference %s", (dl_mode_def == 1) ? "(detected def)" : ""); + snprintf(r2, r_len, "downlink - leading zero %s", (dl_mode_def == 2) ? "(detected def)" : ""); + snprintf(r3, r_len, "downlink - 1 of 4 coding reference %s", (dl_mode_def == 3) ? "(detected def)" : ""); uint8_t n = *idx; at[n++] = arg_lit0(NULL, "r0", r0); @@ -96,8 +98,8 @@ static void arg_add_t55xx_downloadlink(void *at[], uint8_t *idx, uint8_t show, u at[n++] = arg_lit0(NULL, "r3", r3); if (show == T55XX_DLMODE_ALL) { - char *r4 = (char *)calloc(56, sizeof(uint8_t)); - sprintf(r4, "try all downlink modes %s", (dl_mode_def == 4) ? "(def)" : ""); + char *r4 = (char *)calloc(r_count, sizeof(uint8_t)); + snprintf(r4, r_len, "try all downlink modes %s", (dl_mode_def == 4) ? "(def)" : ""); at[n++] = arg_lit0(NULL, "all", r4); } at[n++] = arg_param_end; @@ -961,7 +963,7 @@ static int CmdT55xxDetect(const char *Cmd) { if (use_gb == false) { char wakecmd[20] = { 0x00 }; - sprintf(wakecmd, "-p %08" PRIx64, password); + snprintf(wakecmd, sizeof(wakecmd), "-p %08" PRIx64, password); bool usewake = false; bool try_with_pwd = false; @@ -4010,7 +4012,7 @@ static int CmdT55xxSniff(const char *Cmd) { size_t idx = 0; uint32_t usedPassword, blockData; int pulseSamples = 0, pulseIdx = 0; - char modeText[100]; + const char *modeText; char pwdText[100]; char dataText[100]; int pulseBuffer[80] = { 0 }; // max should be 73 +/- - Holds Pulse widths @@ -4036,9 +4038,9 @@ static int CmdT55xxSniff(const char *Cmd) { int maxWidth = 0; data[0] = 0; bool have_data = false; - sprintf(modeText, "Default"); - sprintf(pwdText, " "); - sprintf(dataText, " "); + modeText = "Default"; + strncpy(pwdText, " ", sizeof(pwdText)); + strncpy(dataText, " ", sizeof(dataText)); if (pulseSamples == 0) { idx++; @@ -4133,7 +4135,7 @@ static int CmdT55xxSniff(const char *Cmd) { } blockData = 0; have_data = true; - sprintf(modeText, "Default Read"); + modeText = "Default Read"; } // Password Write @@ -4161,9 +4163,9 @@ static int CmdT55xxSniff(const char *Cmd) { blockAddr |= 1; } have_data = true; - sprintf(modeText, "Default pwd write"); - sprintf(pwdText, "%08X", usedPassword); - sprintf(dataText, "%08X", blockData); + modeText = "Default pwd write"; + snprintf(pwdText, sizeof(pwdText), "%08X", usedPassword); + snprintf(dataText, sizeof(dataText), "%08X", blockData); } // Default Write (or password read ??) @@ -4185,8 +4187,8 @@ static int CmdT55xxSniff(const char *Cmd) { blockAddr |= 1; } have_data = true; - sprintf(modeText, "Default write"); - sprintf(dataText, "%08X", blockData); + modeText = "Default write"; + snprintf(dataText, sizeof(dataText), "%08X", blockData); } } } @@ -4221,9 +4223,9 @@ static int CmdT55xxSniff(const char *Cmd) { blockAddr |= 1; } have_data = true; - sprintf(modeText, "Leading 0 pwd write"); - sprintf(pwdText, "%08X", usedPassword); - sprintf(dataText, "%08X", blockData); + modeText = "Leading 0 pwd write"; + snprintf(pwdText, sizeof(pwdText), "%08X", usedPassword); + snprintf(dataText, sizeof(dataText), "%08X", blockData); } } } diff --git a/client/src/cmdtrace.c b/client/src/cmdtrace.c index f13dff25d..1ef307cf6 100644 --- a/client/src/cmdtrace.c +++ b/client/src/cmdtrace.c @@ -436,18 +436,23 @@ static uint16_t printHexLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trac * we use format timestamp, newline, offset (0x000000), pseudo header, data * `text2pcap -t "%S." -l 264 -n ` */ - char line[(hdr->data_len * 3) + 1]; - char *ptr = &line[0]; + int line_len = (hdr->data_len * 3) + 1; + char line[line_len]; + char *ptr = line; for (int i = 0; i < hdr->data_len ; i++) { - ptr += sprintf(ptr, "%02x ", hdr->frame[i]); + ptr += snprintf(ptr, line_len, "%02x ", hdr->frame[i]); + line_len -= 3; + if (line_len <= 0) { + break; + } } char data_len_str[5]; char temp_str1[3] = {0}; char temp_str2[3] = {0}; - sprintf(data_len_str, "%04x", hdr->data_len); + snprintf(data_len_str, sizeof(data_len_str), "%04x", hdr->data_len); memmove(temp_str1, data_len_str, 2); memmove(temp_str2, data_len_str + 2, 2); @@ -572,11 +577,11 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr if (data_len == 0) { if (protocol == ICLASS && duration == 2048) { - sprintf(line[0], ""); + snprintf(line[0], sizeof(line[0]), ""); } else if (protocol == ISO_15693 && duration == 512) { - sprintf(line[0], ""); + snprintf(line[0], sizeof(line[0]), ""); } else { - sprintf(line[0], ""); + snprintf(line[0], sizeof(line[0]), ""); } } uint8_t partialbytebuff = 0; @@ -636,13 +641,15 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr char *pos1 = line[(data_len - 1) / 18] + (((data_len - 1) % 18) * 4) + offset - 1; (*pos1) = '['; char *pos2 = line[(data_len) / 18] + (((data_len) % 18) * 4) + offset - 2; - sprintf(pos2, "%c", ']'); + (*pos2) = ']'; + (*(pos2 + 1)) = '\0'; } else { if (crcStatus == 0 || crcStatus == 1) { char *pos1 = line[(data_len - 2) / 18] + (((data_len - 2) % 18) * 4) - 1; (*pos1) = '['; char *pos2 = line[(data_len) / 18] + (((data_len) % 18) * 4) - 1; - sprintf(pos2, "%c", ']'); + (*pos2) = ']'; + (*(pos2 + 1)) = '\0'; } } } diff --git a/client/src/cmdusart.c b/client/src/cmdusart.c index f4b712475..d67ae9bf1 100644 --- a/client/src/cmdusart.c +++ b/client/src/cmdusart.c @@ -386,7 +386,7 @@ static int CmdUsartBtPin(const char *Cmd) { } char string[6 + sizeof(pin)] = {0}; - sprintf(string, "AT+PIN%s", pin); + snprintf(string, sizeof(string), "AT+PIN%s", pin); uint8_t data[PM3_CMD_DATA_SIZE] = {0x00}; size_t len = 0; int ret = usart_txrx((uint8_t *)string, strlen(string), data, &len, 600); diff --git a/client/src/emv/emvcore.c b/client/src/emv/emvcore.c index 63e0c14dc..17aa2610e 100644 --- a/client/src/emv/emvcore.c +++ b/client/src/emv/emvcore.c @@ -224,7 +224,7 @@ struct tlvdb *GetPANFromTrack2(const struct tlv *track2) { return NULL; for (int i = 0; i < track2->len; ++i, tmp += 2) - sprintf(tmp, "%02x", (unsigned int)track2->value[i]); + snprintf(tmp, sizeof(track2Hex) - (tmp - track2Hex), "%02x", (unsigned int)track2->value[i]); int posD = strchr(track2Hex, 'd') - track2Hex; if (posD < 1) @@ -253,7 +253,7 @@ struct tlvdb *GetdCVVRawFromTrack2(const struct tlv *track2) { return NULL; for (int i = 0; i < track2->len; ++i, tmp += 2) - sprintf(tmp, "%02x", (unsigned int)track2->value[i]); + snprintf(tmp, sizeof(track2Hex) - (tmp - track2Hex), "%02x", (unsigned int)track2->value[i]); int posD = strchr(track2Hex, 'd') - track2Hex; if (posD < 1) diff --git a/client/src/emv/emvjson.c b/client/src/emv/emvjson.c index 0b4b74297..448e05ba7 100644 --- a/client/src/emv/emvjson.c +++ b/client/src/emv/emvjson.c @@ -206,7 +206,7 @@ int JsonSaveTLVTree(json_t *root, json_t *elm, const char *path, struct tlvdb *t if (AppDataName) { char appdatalink[200] = {0}; - sprintf(appdatalink, "$.ApplicationData.%s", AppDataName); + snprintf(appdatalink, sizeof(appdatalink), "$.ApplicationData.%s", AppDataName); JsonSaveBufAsHex(root, appdatalink, (uint8_t *)tlvpelm->value, tlvpelm->len); } diff --git a/client/src/fileutils.c b/client/src/fileutils.c index 3dee474c0..026193702 100644 --- a/client/src/fileutils.c +++ b/client/src/fileutils.c @@ -251,15 +251,19 @@ char *newfilenamemcopy(const char *preferredName, const char *suffix) { if (str_endswith(preferredName, suffix)) p_namelen -= strlen(suffix); - char *fileName = (char *) calloc(p_namelen + strlen(suffix) + 1 + 10, sizeof(uint8_t)); // 10: room for filenum to ensure new filename + const size_t fileNameLen = p_namelen + strlen(suffix) + 1 + 10; + const size_t fileNameSize = fileNameLen * sizeof(uint8_t); + + char *fileName = (char *) calloc(fileNameLen, sizeof(uint8_t)); // 10: room for filenum to ensure new filename if (fileName == NULL) { return NULL; } + int num = 1; - sprintf(fileName, "%.*s%s", p_namelen, preferredName, suffix); + snprintf(fileName, fileNameSize, "%.*s%s", p_namelen, preferredName, suffix); while (fileExists(fileName)) { - sprintf(fileName, "%.*s-%d%s", p_namelen, preferredName, num, suffix); + snprintf(fileName, fileNameSize, "%.*s-%d%s", p_namelen, preferredName, num, suffix); num++; } return fileName; @@ -361,7 +365,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, JsonSaveBufAsHexCompact(root, "$.Card.SAK", &(xdump->card_info.sak), 1); for (size_t i = 0; i < (xdump->dumplen / 16); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, &xdump->dump[i * 16], 16); if (mfIsSectorTrailer(i)) { snprintf(path, sizeof(path), "$.SectorKeys.%d.KeyA", mfSectorNum(i)); @@ -409,9 +413,9 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, JsonSaveBufAsHexCompact(root, "$.Card.TBO_1", tmp->tbo1, sizeof(tmp->tbo1)); JsonSaveBufAsHexCompact(root, "$.Card.Signature", tmp->signature, sizeof(tmp->signature)); for (uint8_t i = 0; i < 3; i ++) { - sprintf(path, "$.Card.Counter%d", i); + snprintf(path, sizeof(path), "$.Card.Counter%d", i); JsonSaveBufAsHexCompact(root, path, tmp->counter_tearing[i], 3); - sprintf(path, "$.Card.Tearing%d", i); + snprintf(path, sizeof(path), "$.Card.Tearing%d", i); JsonSaveBufAsHexCompact(root, path, tmp->counter_tearing[i] + 3, 1); } @@ -419,7 +423,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, size_t len = (datalen - MFU_DUMP_PREFIX_LENGTH) / 4; for (size_t i = 0; i < len; i++) { - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, tmp->data + (i * 4), 4); } break; @@ -433,7 +437,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 4); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); } break; @@ -458,7 +462,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 8); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 8), 8); } @@ -472,7 +476,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 4); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); } break; @@ -500,7 +504,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 4); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); } break; @@ -514,7 +518,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 4); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); } break; @@ -527,7 +531,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 4); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); } break; @@ -541,7 +545,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 4); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); } break; @@ -562,14 +566,12 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, char path[PATH_MAX_LENGTH] = {0}; if (vdata[0][i][0]) { - memset(path, 0x00, sizeof(path)); - sprintf(path, "$.SectorKeys.%d.KeyA", mfSectorNum(i)); + snprintf(path, sizeof(path), "$.SectorKeys.%d.KeyA", mfSectorNum(i)); JsonSaveBufAsHexCompact(root, path, &vdata[0][i][1], 16); } if (vdata[1][i][0]) { - memset(path, 0x00, sizeof(path)); - sprintf(path, "$.SectorKeys.%d.KeyB", mfSectorNum(i)); + snprintf(path, sizeof(path), "$.SectorKeys.%d.KeyB", mfSectorNum(i)); JsonSaveBufAsHexCompact(root, path, &vdata[1][i][1], 16); } } @@ -591,24 +593,20 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, char path[PATH_MAX_LENGTH] = {0}; if (dvdata[0][i][0]) { - memset(path, 0x00, sizeof(path)); - sprintf(path, "$.DES.%d.Key", i); + snprintf(path, sizeof(path), "$.DES.%d.Key", i); JsonSaveBufAsHexCompact(root, path, &dvdata[0][i][1], 8); } if (dvdata[1][i][0]) { - memset(path, 0x00, sizeof(path)); - sprintf(path, "$.3DES.%d.Key", i); + snprintf(path, sizeof(path), "$.3DES.%d.Key", i); JsonSaveBufAsHexCompact(root, path, &dvdata[1][i][1], 16); } if (dvdata[2][i][0]) { - memset(path, 0x00, sizeof(path)); - sprintf(path, "$.AES.%d.Key", i); + snprintf(path, sizeof(path), "$.AES.%d.Key", i); JsonSaveBufAsHexCompact(root, path, &dvdata[2][i][1], 16); } if (dvdata[3][i][0]) { - memset(path, 0x00, sizeof(path)); - sprintf(path, "$.K3KDES.%d.Key", i); + snprintf(path, sizeof(path), "$.K3KDES.%d.Key", i); JsonSaveBufAsHexCompact(root, path, &dvdata[3][i][1], 24); } } @@ -1097,7 +1095,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } char blocks[30] = {0}; - sprintf(blocks, "$.blocks.%d", i); + snprintf(blocks, sizeof(blocks), "$.blocks.%d", i); size_t len = 0; JsonLoadBufAsHex(root, blocks, &udata[sptr], 16, &len); @@ -1134,7 +1132,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } char blocks[30] = {0}; - sprintf(blocks, "$.blocks.%d", i); + snprintf(blocks, sizeof(blocks), "$.blocks.%d", i); size_t len = 0; JsonLoadBufAsHex(root, blocks, &mem->data[sptr], MFU_BLOCK_SIZE, &len); @@ -1159,7 +1157,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } char blocks[30] = {0}; - sprintf(blocks, "$.blocks.%zu", i); + snprintf(blocks, sizeof(blocks), "$.blocks.%zu", i); size_t len = 0; JsonLoadBufAsHex(root, blocks, &udata[sptr], 4, &len); @@ -1181,7 +1179,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } char blocks[30] = {0}; - sprintf(blocks, "$.blocks.%zu", i); + snprintf(blocks, sizeof(blocks), "$.blocks.%zu", i); size_t len = 0; JsonLoadBufAsHex(root, blocks, &udata[sptr], 8, &len); @@ -1202,7 +1200,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } char blocks[30] = {0}; - sprintf(blocks, "$.blocks.%zu", i); + snprintf(blocks, sizeof(blocks), "$.blocks.%zu", i); size_t len = 0; JsonLoadBufAsHex(root, blocks, &udata[sptr], 4, &len); @@ -1223,7 +1221,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } char blocks[30] = {0}; - sprintf(blocks, "$.blocks.%zu", i); + snprintf(blocks, sizeof(blocks), "$.blocks.%zu", i); size_t len = 0; JsonLoadBufAsHex(root, blocks, &udata[sptr], 4, &len); diff --git a/client/src/iso7816/apduinfo.c b/client/src/iso7816/apduinfo.c index 7e8cc1d5b..b2d879b78 100644 --- a/client/src/iso7816/apduinfo.c +++ b/client/src/iso7816/apduinfo.c @@ -296,7 +296,7 @@ const APDUCode_t *GetAPDUCode(uint8_t sw1, uint8_t sw2) { int mineq = ARRAYLEN(APDUCodeTable); int mineqindx = 0; - sprintf(buf, "%02X%02X", sw1, sw2); + snprintf(buf, sizeof(buf), "%02X%02X", sw1, sw2); for (int i = 0; i < ARRAYLEN(APDUCodeTable); i++) { int res = CodeCmp(APDUCodeTable[i].ID, buf); diff --git a/client/src/mifare/aiddesfire.c b/client/src/mifare/aiddesfire.c index f40ca5ff3..0e768daf9 100644 --- a/client/src/mifare/aiddesfire.c +++ b/client/src/mifare/aiddesfire.c @@ -275,7 +275,7 @@ static const char *aiddf_json_get_str(json_t *data, const char *name) { static int print_aiddf_description(json_t *root, uint8_t aid[3], char *fmt, bool verbose) { char laid[7] = {0}; - sprintf(laid, "%02x%02x%02x", aid[2], aid[1], aid[0]); // must be lowercase + snprintf(laid, sizeof(laid), "%02x%02x%02x", aid[2], aid[1], aid[0]); // must be lowercase json_t *elm = NULL; @@ -307,8 +307,9 @@ static int print_aiddf_description(json_t *root, uint8_t aid[3], char *fmt, bool const char *type = aiddf_json_get_str(elm, "Type"); if (name && vendor) { - char result[5 + strlen(name) + strlen(vendor)]; - sprintf(result, " %s [%s]", name, vendor); + size_t result_len = 5 + strlen(name) + strlen(vendor); + char result[result_len]; + snprintf(result, result_len, " %s [%s]", name, vendor); PrintAndLogEx(INFO, fmt, result); } @@ -332,7 +333,7 @@ int AIDDFDecodeAndPrint(uint8_t aid[3]) { open_aiddf_file(&df_known_aids, false); char fmt[80]; - sprintf(fmt, " DF AID Function %02X%02X%02X :" _YELLOW_("%s"), aid[2], aid[1], aid[0], "%s"); + snprintf(fmt, sizeof(fmt), " DF AID Function %02X%02X%02X :" _YELLOW_("%s"), aid[2], aid[1], aid[0], "%s"); print_aiddf_description(df_known_aids, aid, fmt, false); close_aiddf_file(df_known_aids); return PM3_SUCCESS; diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c index ff06ca30d..a89ac2a7a 100644 --- a/client/src/mifare/desfirecore.c +++ b/client/src/mifare/desfirecore.c @@ -322,12 +322,11 @@ const char *DesfireSelectWayToStr(DesfireISOSelectWay way) { char *DesfireWayIDStr(DesfireISOSelectWay way, uint32_t id) { static char str[200] = {0}; - memset(str, 0, sizeof(str)); if (way == ISWMF || way == ISWDFName) - sprintf(str, "%s", DesfireSelectWayToStr(way)); + snprintf(str, sizeof(str), "%s", DesfireSelectWayToStr(way)); else - sprintf(str, "%s %0*x", DesfireSelectWayToStr(way), (way == ISW6bAID) ? 6 : 4, id); + snprintf(str, sizeof(str), "%s %0*x", DesfireSelectWayToStr(way), (way == ISW6bAID) ? 6 : 4, id); return str; } @@ -2296,10 +2295,9 @@ static const char *GetDesfireKeyType(uint8_t keytype) { const char *GetDesfireAccessRightStr(uint8_t right) { static char int_access_str[200]; - memset(int_access_str, 0, sizeof(int_access_str)); if (right <= 0x0d) { - sprintf(int_access_str, "key 0x%02x", right); + snprintf(int_access_str, sizeof(int_access_str), "key 0x%02x", right); return int_access_str; } diff --git a/client/src/mifare/mad.c b/client/src/mifare/mad.c index 61843542a..f1d5c0b55 100644 --- a/client/src/mifare/mad.c +++ b/client/src/mifare/mad.c @@ -101,7 +101,7 @@ static const char *mad_json_get_str(json_t *data, const char *name) { static int print_aid_description(json_t *root, uint16_t aid, char *fmt, bool verbose) { char lmad[7] = {0}; - sprintf(lmad, "0x%04x", aid); // must be lowercase + snprintf(lmad, sizeof(lmad), "0x%04x", aid); // must be lowercase json_t *elm = NULL; @@ -132,8 +132,9 @@ static int print_aid_description(json_t *root, uint16_t aid, char *fmt, bool ver const char *integrator = mad_json_get_str(elm, "system_integrator"); if (application && company) { - char result[4 + strlen(application) + strlen(company)]; - sprintf(result, " %s [%s]", application, company); + size_t result_len = 4 + strlen(application) + strlen(company); + char result[result_len]; + snprintf(result, result_len, " %s [%s]", application, company); PrintAndLogEx(INFO, fmt, result); } @@ -334,7 +335,7 @@ int MAD1DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose, bool *haveMA PrintAndLogEx(INFO, (ibs == i) ? _MAGENTA_(" %02d [%04X] (continuation)") : " %02d [%04X] (continuation)", i, aid); } else { char fmt[30]; - sprintf(fmt, (ibs == i) ? _MAGENTA_(" %02d [%04X]%s") : " %02d [%04X]%s", i, aid, "%s"); + snprintf(fmt, sizeof(fmt), (ibs == i) ? _MAGENTA_(" %02d [%04X]%s") : " %02d [%04X]%s", i, aid, "%s"); print_aid_description(mad_known_aids, aid, fmt, verbose); prev_aid = aid; } @@ -378,7 +379,7 @@ int MAD2DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose) { PrintAndLogEx(INFO, (ibs == i) ? _MAGENTA_(" %02d [%04X] (continuation)") : " %02d [%04X] (continuation)", i + 16, aid); } else { char fmt[30]; - sprintf(fmt, (ibs == i) ? _MAGENTA_(" %02d [%04X]%s") : " %02d [%04X]%s", i + 16, aid, "%s"); + snprintf(fmt, sizeof(fmt), (ibs == i) ? _MAGENTA_(" %02d [%04X]%s") : " %02d [%04X]%s", i + 16, aid, "%s"); print_aid_description(mad_known_aids, aid, fmt, verbose); prev_aid = aid; } @@ -392,7 +393,7 @@ int MADDFDecodeAndPrint(uint32_t short_aid) { open_mad_file(&mad_known_aids, false); char fmt[50]; - sprintf(fmt, " MAD AID Function 0x%04X :" _YELLOW_("%s"), short_aid, "%s"); + snprintf(fmt, sizeof(fmt), " MAD AID Function 0x%04X :" _YELLOW_("%s"), short_aid, "%s"); print_aid_description(mad_known_aids, short_aid, fmt, false); close_mad_file(mad_known_aids); return PM3_SUCCESS; diff --git a/client/src/nfc/ndef.c b/client/src/nfc/ndef.c index c9a74ad75..f4d07ba7d 100644 --- a/client/src/nfc/ndef.c +++ b/client/src/nfc/ndef.c @@ -452,15 +452,15 @@ static int ndefDecodePayloadDeviceInfo(uint8_t *payload, size_t len) { // record.uuid_string = '123e4567-e89b-12d3-a456-426655440000' // 8-4-4-4-12 char uuid[37] = {0}; - sprintf(uuid, "%s-", sprint_hex_inrow(p, 4)); + snprintf(uuid, sizeof(uuid), "%s-", sprint_hex_inrow(p, 4)); p += 4; - sprintf(uuid + strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); + snprintf(uuid + strlen(uuid), sizeof(uuid) - strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); p += 2; - sprintf(uuid + strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); + snprintf(uuid + strlen(uuid), sizeof(uuid) - strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); p += 2; - sprintf(uuid + strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); + snprintf(uuid + strlen(uuid), sizeof(uuid) - strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); p += 2; - sprintf(uuid + strlen(uuid), "%s", sprint_hex_inrow(p, 6)); + snprintf(uuid + strlen(uuid), sizeof(uuid) - strlen(uuid), "%s", sprint_hex_inrow(p, 6)); p += 6; PrintAndLogEx(INFO, "UUID.......... " _YELLOW_("%s"), uuid); p++; diff --git a/client/src/proxguiqt.cpp b/client/src/proxguiqt.cpp index be62e1838..48a9aed22 100644 --- a/client/src/proxguiqt.cpp +++ b/client/src/proxguiqt.cpp @@ -612,7 +612,7 @@ void Plot::PlotDemod(uint8_t *buffer, size_t len, QRect plotRect, QRect annotati } if (j == (int)clk / 2) { //print label - sprintf(str, "%u", buffer[i]); + snprintf(str, sizeof(str), "%u", buffer[i]); painter->drawText(x - 8, y + ((buffer[i] > 0) ? 18 : -6), str); } } @@ -677,11 +677,11 @@ void Plot::PlotGraph(int *buffer, size_t len, QRect plotRect, QRect annotationRe painter->drawLine(xo - 5, y0, xo + 5, y0); - sprintf(yLbl, "%d", v); + snprintf(yLbl, sizeof(yLbl), "%d", v); painter->drawText(xo + 8, y0 + 7, yLbl); painter->drawLine(xo - 5, y1, xo + 5, y1); - sprintf(yLbl, "%d", -v); + snprintf(yLbl, sizeof(yLbl), "%d", -v); painter->drawText(xo + 8, y1 + 5, yLbl); lasty0 = y0; } @@ -689,7 +689,7 @@ void Plot::PlotGraph(int *buffer, size_t len, QRect plotRect, QRect annotationRe //Graph annotations painter->drawPath(penPath); char str[200]; - sprintf(str, "max=%d min=%d mean=%" PRId64 " n=%u/%zu CursorAVal=[%d] CursorBVal=[%d]", + snprintf(str, sizeof(str), "max=%d min=%d mean=%" PRId64 " n=%u/%zu CursorAVal=[%d] CursorBVal=[%d]", vMax, vMin, vMean, g_GraphStop - g_GraphStart, len, buffer[CursorAPos], buffer[CursorBPos]); painter->drawText(20, annotationRect.bottom() - 23 - 20 * graphNum, str); //clock_t end = clock(); @@ -804,12 +804,12 @@ void Plot::paintEvent(QPaintEvent *event) { char scalestr[30] = {0}; if (g_CursorScaleFactor != 1) { if (g_CursorScaleFactorUnit[0] == '\x00') { - sprintf(scalestr, "[%2.2f] ", ((int32_t)(CursorBPos - CursorAPos)) / g_CursorScaleFactor); + snprintf(scalestr, sizeof(scalestr), "[%2.2f] ", ((int32_t)(CursorBPos - CursorAPos)) / g_CursorScaleFactor); } else { - sprintf(scalestr, "[%2.2f %s] ", ((int32_t)(CursorBPos - CursorAPos)) / g_CursorScaleFactor, g_CursorScaleFactorUnit); + snprintf(scalestr, sizeof(scalestr), "[%2.2f %s] ", ((int32_t)(CursorBPos - CursorAPos)) / g_CursorScaleFactor, g_CursorScaleFactorUnit); } } - sprintf(str, "@%u..%u dt=%i %szoom=%2.2f CursorAPos=%u CursorBPos=%u GridX=%lf GridY=%lf (%s) GridXoffset=%lf", + snprintf(str, sizeof(str), "@%u..%u dt=%i %szoom=%2.2f CursorAPos=%u CursorBPos=%u GridX=%lf GridY=%lf (%s) GridXoffset=%lf", g_GraphStart, g_GraphStop, CursorBPos - CursorAPos, diff --git a/client/src/uart/uart_win32.c b/client/src/uart/uart_win32.c index bf292685a..1e57daeb2 100644 --- a/client/src/uart/uart_win32.c +++ b/client/src/uart/uart_win32.c @@ -75,7 +75,7 @@ serial_port uart_open(const char *pcPortName, uint32_t speed) { return INVALID_SERIAL_PORT; } // Copy the input "com?" to "\\.\COM?" format - sprintf(acPortName, "\\\\.\\%s", pcPortName); + snprintf(acPortName, sizeof(acPortName), "\\\\.\\%s", pcPortName); _strupr(acPortName); // Try to open the serial port diff --git a/client/src/ui.c b/client/src/ui.c index 74557cd5a..0ffabc341 100644 --- a/client/src/ui.c +++ b/client/src/ui.c @@ -719,18 +719,13 @@ void print_progress(size_t count, uint64_t max, barMode_t style) { snprintf(cbar, collen, "%s", bar); } - size_t olen = strlen(cbar) + 40; - char *out = (char *)calloc(olen, sizeof(uint8_t)); - switch (style) { case STYLE_BAR: { - sprintf(out, "%s", cbar); - printf("\b%c[2K\r[" _YELLOW_("=")"] %s", 27, out); + printf("\b%c[2K\r[" _YELLOW_("=")"] %s", 27, cbar); break; } case STYLE_MIXED: { - sprintf(out, "%s [ %zu mV / %2u V / %2u Vmax ]", cbar, count, (uint32_t)(count / 1000), (uint32_t)(max / 1000)); - printf("\b%c[2K\r[" _YELLOW_("=")"] %s", 27, out); + printf("\b%c[2K\r[" _YELLOW_("=")"] %s [ %zu mV / %2u V / %2u Vmax ]", 27, cbar, count, (uint32_t)(count / 1000), (uint32_t)(max / 1000)); break; } case STYLE_VALUE: { @@ -739,7 +734,6 @@ void print_progress(size_t count, uint64_t max, barMode_t style) { } } fflush(stdout); - free(out); free(bar); free(cbar); } diff --git a/client/src/util.c b/client/src/util.c index 94ecdd94f..ed17d4120 100644 --- a/client/src/util.c +++ b/client/src/util.c @@ -102,8 +102,11 @@ void FillFileNameByUID(char *filenamePrefix, const uint8_t *uid, const char *ext int len = strlen(filenamePrefix); - for (int j = 0; j < uidlen; j++) - sprintf(filenamePrefix + len + j * 2, "%02X", uid[j]); + for (int j = 0; j < uidlen; j++) { + // This is technically not the safest option, but there is no way to make this work without changing the function signature + // Possibly todo for future PR, but given UID lenghts are defined by program and not variable, should not be an issue + snprintf(filenamePrefix + len + j * 2, 3, "%02X", uid[j]); + } strcat(filenamePrefix, ext); } @@ -153,15 +156,15 @@ void ascii_to_buffer(uint8_t *buf, const uint8_t *hex_data, const size_t hex_len if (buf == NULL) return; - char *tmp = (char *)buf; - memset(tmp, 0x00, hex_max_len); + char *tmp_base = (char *)buf; + char *tmp = tmp_base; size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len; size_t i = 0; for (i = 0; i < max_len; ++i, tmp++) { char c = hex_data[i]; - sprintf(tmp, "%c", ((c < 32) || (c == 127)) ? '.' : c); + snprintf(tmp, hex_max_len - (tmp - tmp_base), "%c", ((c < 32) || (c == 127)) ? '.' : c); } size_t m = (min_str_len > i) ? min_str_len : 0; @@ -169,7 +172,7 @@ void ascii_to_buffer(uint8_t *buf, const uint8_t *hex_data, const size_t hex_len m = hex_max_len; for (; i < m; i++, tmp++) - sprintf(tmp, " "); + snprintf(tmp, hex_max_len - (tmp - tmp_base), " "); // remove last space *tmp = '\0'; @@ -180,17 +183,17 @@ void hex_to_buffer(uint8_t *buf, const uint8_t *hex_data, const size_t hex_len, if (buf == NULL) return; - char *tmp = (char *)buf; - memset(tmp, 0x00, hex_max_len); + char *tmp_base = (char *)buf; + char *tmp = tmp_base; size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len; size_t i; for (i = 0; i < max_len; ++i, tmp += 2 + spaces_between) { - sprintf(tmp, (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); + snprintf(tmp, hex_max_len - (tmp - tmp_base), (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); for (size_t j = 0; j < spaces_between; j++) - sprintf(tmp + 2 + j, " "); + snprintf(tmp + 2 + j, hex_max_len - ((tmp + 2 + j) - tmp_base), " "); } i *= (2 + spaces_between); @@ -200,7 +203,7 @@ void hex_to_buffer(uint8_t *buf, const uint8_t *hex_data, const size_t hex_len, m = hex_max_len; for (; i < m; i++, tmp++) - sprintf(tmp, " "); + snprintf(tmp, hex_max_len - (tmp - tmp_base), " "); // remove last space *tmp = '\0'; @@ -233,7 +236,6 @@ void print_hex_break(const uint8_t *data, const size_t len, uint8_t breaks) { if (mod) { char buf[UTIL_BUFFER_SIZE_SPRINT + 3]; - memset(buf, 0, sizeof(buf)); hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 1, true); // add the spaces... @@ -255,8 +257,7 @@ static void print_buffer_ex(const uint8_t *data, const size_t len, int level, ui break; } // (16 * 3) + (16) + + 1 - memset(buf, 0, sizeof(buf)); - sprintf(buf, "%*s%02x: ", (level * 4), " ", i); + snprintf(buf, sizeof(buf), "%*s%02x: ", (level * 4), " ", i); hex_to_buffer((uint8_t *)(buf + strlen(buf)), data + i, breaks, (sizeof(buf) - strlen(buf) - 1), 0, 1, true); snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "| %s", sprint_ascii(data + i, breaks)); @@ -267,8 +268,7 @@ static void print_buffer_ex(const uint8_t *data, const size_t len, int level, ui uint8_t mod = len % breaks; if (mod) { - memset(buf, 0, sizeof(buf)); - sprintf(buf, "%*s%02x: ", (level * 4), " ", i); + snprintf(buf, sizeof(buf), "%*s%02x: ", (level * 4), " ", i); hex_to_buffer((uint8_t *)(buf + strlen(buf)), data + i, mod, (sizeof(buf) - strlen(buf) - 1), 0, 1, true); // add the spaces... @@ -420,11 +420,10 @@ char *sprint_bin(const uint8_t *data, const size_t len) { char *sprint_hex_ascii(const uint8_t *data, const size_t len) { static char buf[UTIL_BUFFER_SIZE_SPRINT]; - char *tmp = buf; memset(buf, 0x00, UTIL_BUFFER_SIZE_SPRINT); size_t max_len = (len > 1010) ? 1010 : len; - snprintf(tmp, UTIL_BUFFER_SIZE_SPRINT, "%s| ", sprint_hex(data, max_len)); + snprintf(buf, sizeof(buf), "%s| ", sprint_hex(data, max_len)); size_t i = 0; size_t pos = (max_len * 3) + 2; @@ -435,7 +434,7 @@ char *sprint_hex_ascii(const uint8_t *data, const size_t len) { if ((c < 32) || (c == 127)) c = '.'; - sprintf(tmp + pos + i, "%c", c); + snprintf(buf + pos + i, sizeof(buf) - (pos + 1), "%c", c); ++i; } return buf; @@ -891,7 +890,7 @@ int binarraytohex(char *target, const size_t targetlen, const char *source, size if (t >= targetlen - 2) { return r; } - sprintf(target + t, "%X", x); + snprintf(target + t, targetlen - t, "%X", x); t++; r += 4; x = 0; @@ -902,7 +901,7 @@ int binarraytohex(char *target, const size_t targetlen, const char *source, size if (t >= targetlen - 5) { return r; } - sprintf(target + t, "%X[%i]", x, i); + snprintf(target + t, targetlen - t, "%X[%i]", x, i); t += 4; r += i; x = 0; @@ -913,7 +912,7 @@ int binarraytohex(char *target, const size_t targetlen, const char *source, size if (t >= targetlen - 2) { return r; } - sprintf(target + t, " "); + snprintf(target + t, targetlen - t, " "); t++; } r++; diff --git a/client/src/wiegand_formats.c b/client/src/wiegand_formats.c index a23bbc55c..e63040a19 100644 --- a/client/src/wiegand_formats.c +++ b/client/src/wiegand_formats.c @@ -1293,8 +1293,9 @@ void print_desc_wiegand(cardformat_t *fmt, wiegand_message_t *packed) { return; } - char *s = calloc(128, sizeof(uint8_t)); - sprintf(s, _YELLOW_("%-10s")" %-32s", fmt->Name, fmt->Descrp); + size_t s_len = 128; + char *s = calloc(s_len, sizeof(uint8_t)); + snprintf(s, s_len * sizeof(uint8_t), _YELLOW_("%-10s")" %-32s", fmt->Name, fmt->Descrp); if (packed->Top != 0) { PrintAndLogEx(SUCCESS, "%s -> " _GREEN_("%X%08X%08X"), diff --git a/common/iso15693tools.c b/common/iso15693tools.c index 214a66ccb..6ba659945 100644 --- a/common/iso15693tools.c +++ b/common/iso15693tools.c @@ -19,18 +19,26 @@ #include + +#define ISO15693_SPRINTUID_BUFLEN (3 * 8 + 1) + // returns a string representation of the UID // UID is transmitted and stored LSB first, displayed MSB first // dest char* buffer, where to put the UID, if NULL a static buffer is returned // uid[] the UID in transmission order // return: ptr to string char *iso15693_sprintUID(char *dest, uint8_t *uid) { - static char tempbuf[3 * 8 + 1] = {0}; + static char tempbuf[ISO15693_SPRINTUID_BUFLEN] = {0}; if (dest == NULL) dest = tempbuf; if (uid) { - sprintf(dest, "%02X %02X %02X %02X %02X %02X %02X %02X", +#ifdef HAVE_SNPRINTF + snprintf(dest, ISO15693_SPRINTUID_BUFLEN, +#else + sprintf(dest, +#endif + "%02X %02X %02X %02X %02X %02X %02X %02X", uid[7], uid[6], uid[5], uid[4], uid[3], uid[2], uid[1], uid[0] ); diff --git a/tools/hitag2crack/crack2/ht2crack2buildtable.c b/tools/hitag2crack/crack2/ht2crack2buildtable.c index a8f576f5f..15f1cb192 100644 --- a/tools/hitag2crack/crack2/ht2crack2buildtable.c +++ b/tools/hitag2crack/crack2/ht2crack2buildtable.c @@ -76,8 +76,8 @@ static void create_table(struct table *tt, int d_1, int d_2) { } // create the path -// sprintf(tt->path, "/Volumes/2tb/%02X/%02X.bin", d_1 & 0xff, d_2 & 0xff); - sprintf(tt->path, "table/%02x/%02x.bin", d_1 & 0xff, d_2 & 0xff); +// snprintf(tt->path, sizeof(tt->path), "/Volumes/2tb/%02X/%02X.bin", d_1 & 0xff, d_2 & 0xff); + snprintf(tt->path, sizeof(tt->path), "table/%02x/%02x.bin", d_1 & 0xff, d_2 & 0xff); } @@ -341,12 +341,12 @@ static void makedirs(void) { } for (i = 0; i < 0x100; i++) { - sprintf(path, "table/%02x", i); + snprintf(path, sizeof(path), "table/%02x", i); if (mkdir(path, 0755)) { printf("cannot make dir %s\n", path); exit(1); } - sprintf(path, "sorted/%02x", i); + snprintf(path, sizeof(path), "sorted/%02x", i); if (mkdir(path, 0755)) { printf("cannot make dir %s\n", path); exit(1); @@ -387,7 +387,7 @@ static void *sorttable(void *dd) { printf("sorttable: processing bytes 0x%02x/0x%02x\n", i, j); // open file, stat it and mmap it - sprintf(infile, "table/%02x/%02x.bin", i, j); + snprintf(infile, sizeof(infile), "table/%02x/%02x.bin", i, j); fdin = open(infile, O_RDONLY); if (fdin <= 0) { @@ -424,7 +424,7 @@ static void *sorttable(void *dd) { qsort_r(table, numentries, DATASIZE, datacmp, dummy); // write to file - sprintf(outfile, "sorted/%02x/%02x.bin", i, j); + snprintf(outfile, sizeof(outfile), "sorted/%02x/%02x.bin", i, j); fdout = open(outfile, O_WRONLY | O_CREAT, 0644); if (fdout <= 0) { printf("cannot create outfile %s\n", outfile); diff --git a/tools/hitag2crack/crack2/ht2crack2gentest.c b/tools/hitag2crack/crack2/ht2crack2gentest.c index cc8d1e94e..ba89526fa 100644 --- a/tools/hitag2crack/crack2/ht2crack2gentest.c +++ b/tools/hitag2crack/crack2/ht2crack2gentest.c @@ -25,7 +25,7 @@ static int makerandom(char *hex, unsigned int len, int fd) { } for (i = 0; i < len; i++) { - sprintf(hex + (2 * i), "%02X", raw[i]); + snprintf(hex + (2 * i), 3, "%02X", raw[i]); } return 1; @@ -65,7 +65,7 @@ int main(int argc, char *argv[]) { makerandom(key, 6, urandomfd); makerandom(uid, 4, urandomfd); makerandom(nR, 4, urandomfd); - sprintf(filename, "keystream.key-%s.uid-%s.nR-%s", key, uid, nR); + snprintf(filename, sizeof(filename), "keystream.key-%s.uid-%s.nR-%s", key, uid, nR); FILE *fp = fopen(filename, "w"); if (!fp) { diff --git a/tools/hitag2crack/crack2/ht2crack2search.c b/tools/hitag2crack/crack2/ht2crack2search.c index c775f7011..b98457f4f 100644 --- a/tools/hitag2crack/crack2/ht2crack2search.c +++ b/tools/hitag2crack/crack2/ht2crack2search.c @@ -166,7 +166,7 @@ static int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned cha return 0; } - sprintf(file, INPUTFILE, c[0], c[1]); + snprintf(file, sizeof(file), INPUTFILE, c[0], c[1]); fd = open(file, O_RDONLY); if (fd <= 0) { diff --git a/tools/mf_nonce_brute/mf_nonce_brute.c b/tools/mf_nonce_brute/mf_nonce_brute.c index 32b4d9bd6..8d98e04cf 100644 --- a/tools/mf_nonce_brute/mf_nonce_brute.c +++ b/tools/mf_nonce_brute/mf_nonce_brute.c @@ -153,17 +153,17 @@ static void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const siz if (buf == NULL) return; - char *tmp = (char *)buf; + char *tmp_base = (char *)buf; + char *tmp = tmp_base; size_t i; - memset(tmp, 0x00, hex_max_len); size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len; for (i = 0; i < max_len; ++i, tmp += 2 + spaces_between) { - sprintf(tmp, (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); + snprintf(tmp, hex_max_len - (tmp - tmp_base), (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); for (size_t j = 0; j < spaces_between; j++) - sprintf(tmp + 2 + j, " "); + snprintf(tmp + 2 + j, hex_max_len - (2 + j + (tmp - tmp_base)), " "); } i *= (2 + spaces_between); @@ -173,11 +173,10 @@ static void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const siz mlen = hex_max_len; for (; i < mlen; i++, tmp += 1) - sprintf(tmp, " "); + snprintf(tmp, hex_max_len - (tmp - tmp_base), " "); // remove last space *tmp = '\0'; - return; } static char *sprint_hex_inrow_ex(const uint8_t *data, const size_t len, const size_t min_str_len) { diff --git a/tools/mf_nonce_brute/mf_trace_brute.c b/tools/mf_nonce_brute/mf_trace_brute.c index a25bfff5f..8bc255517 100644 --- a/tools/mf_nonce_brute/mf_trace_brute.c +++ b/tools/mf_nonce_brute/mf_trace_brute.c @@ -139,17 +139,17 @@ static void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const siz if (buf == NULL) return; - char *tmp = (char *)buf; + char *tmp_base = (char *)buf; + char *tmp = tmp_base; size_t i; - memset(tmp, 0x00, hex_max_len); size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len; for (i = 0; i < max_len; ++i, tmp += 2 + spaces_between) { - sprintf(tmp, (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); + snprintf(tmp, hex_max_len - (tmp - tmp_base), (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); for (size_t j = 0; j < spaces_between; j++) - sprintf(tmp + 2 + j, " "); + snprintf(tmp + 2 + j, hex_max_len - (2 + j + (tmp - tmp_base)), " "); } i *= (2 + spaces_between); @@ -159,11 +159,10 @@ static void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const siz mlen = hex_max_len; for (; i < mlen; i++, tmp += 1) - sprintf(tmp, " "); + snprintf(tmp, hex_max_len - (tmp - tmp_base), " "); // remove last space *tmp = '\0'; - return; } static char *sprint_hex_inrow_ex(const uint8_t *data, const size_t len, const size_t min_str_len) {