fix outofbounds

iceman1001 2022-01-11 10:54:14 +01:00
commit 5f9d8273e6


@ -269,23 +269,27 @@ char *emv_pk_dump_pk(const struct emv_pk *pk) {
size_t outpos = 0; size_t outpos = 0;
size_t outsize = 1048; // should be enough size_t outsize = 1048; // should be enough
char *out = calloc(1, outsize); // should be enough char *out = calloc(1, outsize); // should be enough
if (!out) if (out == NULL) {
return NULL; return NULL;
}
size_t rc = emv_pk_write_bin(out + outpos, outsize - outpos, pk->rid, 5); size_t rc = emv_pk_write_bin(out + outpos, outsize - outpos, pk->rid, 5);
if (rc == 0) if (rc == 0) {
goto err; goto err;
}
outpos += rc; outpos += rc;
rc = emv_pk_write_bin(out + outpos, outsize - outpos, &pk->index, 1); rc = emv_pk_write_bin(out + outpos, outsize - outpos, &pk->index, 1);
if (rc == 0) if (rc == 0) {
goto err; goto err;
}
outpos += rc; outpos += rc;
if (outpos + 7 > outsize) if (outpos + 7 >= outsize) {
goto err; goto err;
}
out[outpos++] = TOHEX((pk->expire >> 20) & 0xf); out[outpos++] = TOHEX((pk->expire >> 20) & 0xf);
out[outpos++] = TOHEX((pk->expire >> 16) & 0xf); out[outpos++] = TOHEX((pk->expire >> 16) & 0xf);
out[outpos++] = TOHEX((pk->expire >> 12) & 0xf); out[outpos++] = TOHEX((pk->expire >> 12) & 0xf);
@ -296,13 +300,15 @@ char *emv_pk_dump_pk(const struct emv_pk *pk) {
if (pk->pk_algo == PK_RSA) { if (pk->pk_algo == PK_RSA) {
rc = emv_pk_write_str(out + outpos, outsize - outpos, "rsa"); rc = emv_pk_write_str(out + outpos, outsize - outpos, "rsa");
if (rc == 0) if (rc == 0) {
goto err; goto err;
}
outpos += rc; outpos += rc;
out[outpos++] = ' '; out[outpos++] = ' ';
} else { } else {
if (outpos + 4 > outsize) if (outpos + 4 >= outsize) {
goto err; goto err;
}
out[outpos++] = '?'; out[outpos++] = '?';
out[outpos++] = '?'; out[outpos++] = '?';
out[outpos++] = TOHEX(pk->pk_algo >> 4); out[outpos++] = TOHEX(pk->pk_algo >> 4);
@ -310,24 +316,28 @@ char *emv_pk_dump_pk(const struct emv_pk *pk) {
} }
rc = emv_pk_write_bin(out + outpos, outsize - outpos, pk->exp, pk->elen); rc = emv_pk_write_bin(out + outpos, outsize - outpos, pk->exp, pk->elen);
if (rc == 0) if (rc == 0) {
goto err; goto err;
}
outpos += rc; outpos += rc;
rc = emv_pk_write_bin(out + outpos, outsize - outpos, pk->modulus, pk->mlen); rc = emv_pk_write_bin(out + outpos, outsize - outpos, pk->modulus, pk->mlen);
if (rc == 0) if (rc == 0) {
goto err; goto err;
}
outpos += rc; outpos += rc;
if (pk->hash_algo == HASH_SHA_1) { if (pk->hash_algo == HASH_SHA_1) {
rc = emv_pk_write_str(out + outpos, outsize - outpos, "sha1"); rc = emv_pk_write_str(out + outpos, outsize - outpos, "sha1");
if (rc == 0) if (rc == 0) {
goto err; goto err;
}
outpos += rc; outpos += rc;
out[outpos++] = ' '; out[outpos++] = ' ';
} else { } else {
if (outpos + 4 > outsize) if (outpos + 4 >= outsize) {
goto err; goto err;
}
out[outpos++] = '?'; out[outpos++] = '?';
out[outpos++] = '?'; out[outpos++] = '?';
out[outpos++] = TOHEX(pk->pk_algo >> 4); out[outpos++] = TOHEX(pk->pk_algo >> 4);
@ -336,12 +346,12 @@ char *emv_pk_dump_pk(const struct emv_pk *pk) {
rc = emv_pk_write_bin(out + outpos, outsize - outpos, pk->hash, 20); rc = emv_pk_write_bin(out + outpos, outsize - outpos, pk->hash, 20);
if (rc == 0) if (rc == 0) {
goto err; goto err;
}
outpos += rc; outpos += rc;
out[outpos - 1] = '\0'; out[outpos - 1] = '\0';
return out; return out;
err: err:
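Review bot: The single-byte writes `out[outpos++] = ' ';` that follow `emv_pk_write_str` in the "rsa" and "sha1" branches are still unguarded, unlike the hex-digit writes whose checks this commit tightens to `>=`. Whether they can land past the end of `out` depends on whether `emv_pk_write_str` leaves room for a trailing byte, which is not visible here; if it does not, add `if (outpos + 1 >= outsize) { goto err; }` before each of them. Separately, the fallback branch for an unrecognised `pk->hash_algo` prints `TOHEX(pk->pk_algo >> 4)`, which looks copied from the pk_algo branch and probably should read `pk->hash_algo`. The body of `emv_pk_dump_pk` after the `err:` label lies outside the visible lines.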