From 69e1afbda9dfb40da323f28b2ad6ff7b60ea351d Mon Sep 17 00:00:00 2001
From: mwalker33 <51802811+mwalker33@users.noreply.github.com>
Date: Tue, 22 Jun 2021 17:15:04 +1000
Subject: [PATCH 1/2] Update cmdhfmfdes.c Coverity : 320356, 286670, 344402
---
 client/src/cmdhfmfdes.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index 4a59c780a..545d3fe37 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@@ -1200,7 +1200,7 @@ static int mifare_desfire_change_key(uint8_t key_no, uint8_t *new_key, uint8_t n
 // PICC master key, keyalgo specific 2bit MSB
 switch (new_algo) {
- case MFDES_ALGO_DES:
+ // case MFDES_ALGO_DES: // not needed as we patched des to 3des above. (coverty deadcode)
 case MFDES_ALGO_3DES:
 break; // 00xx xxx
 case MFDES_ALGO_3K3DES:
@@ -1962,7 +1962,7 @@ static int handler_desfire_readdata(mfdes_data_t *data, MFDES_FILE_TYPE_T type,
 }
 // we need the CMD 0xBD to calc the CMAC
- uint8_t tmp_data[8]; // Since the APDU is hardcoded to 7 bytes of payload 7+1 = 8 is enough.
+ uint8_t tmp_data[15]; // Since the APDU is hardcoded to 7 bytes of payload 7+1 = 8 + 4 bytes for CRC/CMAC should be enough.
 tmp_data[0] = apdu.INS;
 memcpy(&tmp_data[1], data, 7);
@@ -2066,7 +2066,8 @@ static int handler_desfire_writedata(mfdes_data_t *data, MFDES_FILE_TYPE_T type,
 tmp[5] = datasize & 0xFF;
 tmp[6] = (datasize >> 8) & 0xFF;
 tmp[7] = (datasize >> 16) & 0xFF;
- memcpy(&tmp[8], (uint8_t *)&data->data[offset], datasize);
+// memcpy(&tmp[8], (uint8_t *)&data->data[offset], datasize); // Incorredt data offset, data to write should be in data (no offset)
+ memcpy(&tmp[8], (uint8_t *)data->data, datasize);
 size_t plen = datasize + 8;
 uint8_t *p = mifare_cryto_preprocess_data(tag, tmp, &plen, 8, cs | MAC_COMMAND | CMAC_COMMAND | ENC_COMMAND);
From 1655cdd206100a7b520bce6f0a995bc928d5214e Mon Sep 17 00:00:00 2001
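Review bot: The commented-out `case MFDES_ALGO_DES:` label in `switch (new_algo)` leaves dead code where a statement of the invariant belongs. The switch now depends on the DES-to-3DES rewrite that sits above the hunk, and nothing here ties the two together; if that rewrite changes, MFDES_ALGO_DES would land in whatever the default arm does (not visible in this hunk) and the key-number bits could be set wrongly. Delete the line and put the reason above the switch, e.g. `// MFDES_ALGO_DES cannot reach this switch: new_algo was mapped to 3DES above`. The switch body continues outside the hunk.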
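Review bot: The new size of `tmp_data` is 15, but the comment next to it adds up to 12 (7+1 = 8, plus 4 for CRC/CMAC), so the bound is neither derived from the stated arithmetic nor named. Whether 15 bytes is sufficient depends on how many bytes the CMAC/CRC step writes past the first 8 (including any padding), and that call is outside the hunk; "should be enough" is not something a later reader or a static analyser can check. Size the array from its parts with a named constant for the largest trailer that step can append, e.g. `uint8_t tmp_data[1 + 7 + MAX_TRAILER_LEN];` (`MAX_TRAILER_LEN` is a placeholder name), and correct the comment to match.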
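Review bot: The added `memcpy(&tmp[8], (uint8_t *)data->data, datasize);` copies `datasize` bytes with no visible check against the room left in `tmp` after the 8-byte header. `datasize` is encoded as a 24-bit length in `tmp[5..7]`, and both its computation and the declaration of `tmp` are outside the hunk, so confirm it is clamped there or add a guard before the copy, e.g. `if (datasize > sizeof(tmp) - 8) return <error code>;` (assuming `tmp` is a fixed-size array). Separately, if this statement runs inside a loop that sends the payload in several frames, which cannot be seen from here, reading from the start of `data->data` every time would resend the first chunk; a running position into the caller's buffer may be what is wanted rather than no index at all.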
From: mwalker33 <51802811+mwalker33@users.noreply.github.com> Date: Tue, 22 Jun 2021 17:22:01 +1000 Subject: [PATCH 2/2] Update cmdhfmfdes.c Remove old code --- client/src/cmdhfmfdes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index 545d3fe37..36310e680 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -2066,7 +2066,7 @@ static int handler_desfire_writedata(mfdes_data_t *data, MFDES_FILE_TYPE_T type, tmp[5] = datasize & 0xFF; tmp[6] = (datasize >> 8) & 0xFF; tmp[7] = (datasize >> 16) & 0xFF; -// memcpy(&tmp[8], (uint8_t *)&data->data[offset], datasize); // Incorredt data offset, data to write should be in data (no offset) + memcpy(&tmp[8], (uint8_t *)data->data, datasize); size_t plen = datasize + 8;