diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index c837a3380..b86335c66 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -552,6 +552,8 @@ if (NOT SKIPPYTHON EQUAL 1) endif (NOT SKIPPYTHON EQUAL 1) message(STATUS "===================================================================") +add_definitions(-DHAVE_SNPRINTF) + add_executable(proxmark3 ${PM3_ROOT}/client/src/proxmark3.c ${TARGET_SOURCES} diff --git a/client/Makefile b/client/Makefile index 2178f6686..e2dd1a224 100644 --- a/client/Makefile +++ b/client/Makefile @@ -402,6 +402,8 @@ ifeq ($(SWIG_PYTHON_FOUND),1) PM3CFLAGS += -DHAVE_PYTHON_SWIG endif +PM3CFLAGS += -DHAVE_SNPRINTF + CXXFLAGS ?= -Wall -Werror -O3 PM3CXXFLAGS = $(CXXFLAGS) PM3CXXFLAGS += -I../include -I./include @@ -415,6 +417,8 @@ ifeq ($(QT_FOUND),1) endif endif +PM3CXXFLAGS += -DHAVE_SNPRINTF + LDFLAGS ?= $(DEFLDFLAGS) PM3LDFLAGS = $(LDFLAGS) ifeq ($(platform),Darwin) diff --git a/client/src/emv/emvcore.c b/client/src/emv/emvcore.c index 63e0c14dc..17aa2610e 100644 --- a/client/src/emv/emvcore.c +++ b/client/src/emv/emvcore.c @@ -224,7 +224,7 @@ struct tlvdb *GetPANFromTrack2(const struct tlv *track2) { return NULL; for (int i = 0; i < track2->len; ++i, tmp += 2) - sprintf(tmp, "%02x", (unsigned int)track2->value[i]); + snprintf(tmp, sizeof(track2Hex) - (tmp - track2Hex), "%02x", (unsigned int)track2->value[i]); int posD = strchr(track2Hex, 'd') - track2Hex; if (posD < 1) @@ -253,7 +253,7 @@ struct tlvdb *GetdCVVRawFromTrack2(const struct tlv *track2) { return NULL; for (int i = 0; i < track2->len; ++i, tmp += 2) - sprintf(tmp, "%02x", (unsigned int)track2->value[i]); + snprintf(tmp, sizeof(track2Hex) - (tmp - track2Hex), "%02x", (unsigned int)track2->value[i]); int posD = strchr(track2Hex, 'd') - track2Hex; if (posD < 1) diff --git a/client/src/emv/emvjson.c b/client/src/emv/emvjson.c index 0b4b74297..448e05ba7 100644 --- a/client/src/emv/emvjson.c +++ b/client/src/emv/emvjson.c 
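Review bot: The new size argument in GetPANFromTrack2, `sizeof(track2Hex) - (tmp - track2Hex)`, only bounds the write while tmp is still inside track2Hex, because the loop runs to track2->len with no check against the buffer. Once tmp steps past the end, the unsigned subtraction wraps to a very large value and snprintf is effectively unbounded again. track2->len presumably comes from parsed card data, so reject oversized input before the loop, e.g. `if ((size_t)track2->len * 2 >= sizeof(track2Hex)) return NULL;`. The identical loop in GetdCVVRawFromTrack2 needs the same guard. The declaration of track2Hex is outside both hunks; this assumes it is an array, otherwise the sizeof is wrong as well.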
@@ -206,7 +206,7 @@ int JsonSaveTLVTree(json_t *root, json_t *elm, const char *path, struct tlvdb *t if (AppDataName) { char appdatalink[200] = {0}; - sprintf(appdatalink, "$.ApplicationData.%s", AppDataName); + snprintf(appdatalink, sizeof(appdatalink), "$.ApplicationData.%s", AppDataName); JsonSaveBufAsHex(root, appdatalink, (uint8_t *)tlvpelm->value, tlvpelm->len); } diff --git a/client/src/fileutils.c b/client/src/fileutils.c index 3dee474c0..026193702 100644 --- a/client/src/fileutils.c +++ b/client/src/fileutils.c @@ -251,15 +251,19 @@ char *newfilenamemcopy(const char *preferredName, const char *suffix) { if (str_endswith(preferredName, suffix)) p_namelen -= strlen(suffix); - char *fileName = (char *) calloc(p_namelen + strlen(suffix) + 1 + 10, sizeof(uint8_t)); // 10: room for filenum to ensure new filename + const size_t fileNameLen = p_namelen + strlen(suffix) + 1 + 10; + const size_t fileNameSize = fileNameLen * sizeof(uint8_t); + + char *fileName = (char *) calloc(fileNameLen, sizeof(uint8_t)); // 10: room for filenum to ensure new filename if (fileName == NULL) { return NULL; } + int num = 1; - sprintf(fileName, "%.*s%s", p_namelen, preferredName, suffix); + snprintf(fileName, fileNameSize, "%.*s%s", p_namelen, preferredName, suffix); while (fileExists(fileName)) { - sprintf(fileName, "%.*s-%d%s", p_namelen, preferredName, num, suffix); + snprintf(fileName, fileNameSize, "%.*s-%d%s", p_namelen, preferredName, num, suffix); num++; } return fileName; @@ -361,7 +365,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, JsonSaveBufAsHexCompact(root, "$.Card.SAK", &(xdump->card_info.sak), 1); for (size_t i = 0; i < (xdump->dumplen / 16); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, &xdump->dump[i * 16], 16); if (mfIsSectorTrailer(i)) { snprintf(path, sizeof(path), "$.SectorKeys.%d.KeyA", mfSectorNum(i)); 
@@ -409,9 +413,9 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, JsonSaveBufAsHexCompact(root, "$.Card.TBO_1", tmp->tbo1, sizeof(tmp->tbo1)); JsonSaveBufAsHexCompact(root, "$.Card.Signature", tmp->signature, sizeof(tmp->signature)); for (uint8_t i = 0; i < 3; i ++) { - sprintf(path, "$.Card.Counter%d", i); + snprintf(path, sizeof(path), "$.Card.Counter%d", i); JsonSaveBufAsHexCompact(root, path, tmp->counter_tearing[i], 3); - sprintf(path, "$.Card.Tearing%d", i); + snprintf(path, sizeof(path), "$.Card.Tearing%d", i); JsonSaveBufAsHexCompact(root, path, tmp->counter_tearing[i] + 3, 1); } @@ -419,7 +423,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, size_t len = (datalen - MFU_DUMP_PREFIX_LENGTH) / 4; for (size_t i = 0; i < len; i++) { - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, tmp->data + (i * 4), 4); } break; @@ -433,7 +437,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 4); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); } break; @@ -458,7 +462,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 8); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 8), 8); } @@ -472,7 +476,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 4); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); } break; 
@@ -500,7 +504,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 4); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); } break; @@ -514,7 +518,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 4); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); } break; @@ -527,7 +531,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 4); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); } break; @@ -541,7 +545,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, for (size_t i = 0; i < (datalen / 4); i++) { char path[PATH_MAX_LENGTH] = {0}; - sprintf(path, "$.blocks.%zu", i); + snprintf(path, sizeof(path), "$.blocks.%zu", i); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); } break; @@ -562,14 +566,12 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, char path[PATH_MAX_LENGTH] = {0}; if (vdata[0][i][0]) { - memset(path, 0x00, sizeof(path)); - sprintf(path, "$.SectorKeys.%d.KeyA", mfSectorNum(i)); + snprintf(path, sizeof(path), "$.SectorKeys.%d.KeyA", mfSectorNum(i)); JsonSaveBufAsHexCompact(root, path, &vdata[0][i][1], 16); } if (vdata[1][i][0]) { - memset(path, 0x00, sizeof(path)); - sprintf(path, "$.SectorKeys.%d.KeyB", mfSectorNum(i)); + snprintf(path, sizeof(path), "$.SectorKeys.%d.KeyB", mfSectorNum(i)); JsonSaveBufAsHexCompact(root, path, &vdata[1][i][1], 16); } } 
@@ -591,24 +593,20 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, char path[PATH_MAX_LENGTH] = {0}; if (dvdata[0][i][0]) { - memset(path, 0x00, sizeof(path)); - sprintf(path, "$.DES.%d.Key", i); + snprintf(path, sizeof(path), "$.DES.%d.Key", i); JsonSaveBufAsHexCompact(root, path, &dvdata[0][i][1], 8); } if (dvdata[1][i][0]) { - memset(path, 0x00, sizeof(path)); - sprintf(path, "$.3DES.%d.Key", i); + snprintf(path, sizeof(path), "$.3DES.%d.Key", i); JsonSaveBufAsHexCompact(root, path, &dvdata[1][i][1], 16); } if (dvdata[2][i][0]) { - memset(path, 0x00, sizeof(path)); - sprintf(path, "$.AES.%d.Key", i); + snprintf(path, sizeof(path), "$.AES.%d.Key", i); JsonSaveBufAsHexCompact(root, path, &dvdata[2][i][1], 16); } if (dvdata[3][i][0]) { - memset(path, 0x00, sizeof(path)); - sprintf(path, "$.K3KDES.%d.Key", i); + snprintf(path, sizeof(path), "$.K3KDES.%d.Key", i); JsonSaveBufAsHexCompact(root, path, &dvdata[3][i][1], 24); } } @@ -1097,7 +1095,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } char blocks[30] = {0}; - sprintf(blocks, "$.blocks.%d", i); + snprintf(blocks, sizeof(blocks), "$.blocks.%d", i); size_t len = 0; JsonLoadBufAsHex(root, blocks, &udata[sptr], 16, &len); @@ -1134,7 +1132,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } char blocks[30] = {0}; - sprintf(blocks, "$.blocks.%d", i); + snprintf(blocks, sizeof(blocks), "$.blocks.%d", i); size_t len = 0; JsonLoadBufAsHex(root, blocks, &mem->data[sptr], MFU_BLOCK_SIZE, &len); @@ -1159,7 +1157,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } char blocks[30] = {0}; - sprintf(blocks, "$.blocks.%zu", i); + snprintf(blocks, sizeof(blocks), "$.blocks.%zu", i); size_t len = 0; JsonLoadBufAsHex(root, blocks, &udata[sptr], 4, &len); 
@@ -1181,7 +1179,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } char blocks[30] = {0}; - sprintf(blocks, "$.blocks.%zu", i); + snprintf(blocks, sizeof(blocks), "$.blocks.%zu", i); size_t len = 0; JsonLoadBufAsHex(root, blocks, &udata[sptr], 8, &len); @@ -1202,7 +1200,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } char blocks[30] = {0}; - sprintf(blocks, "$.blocks.%zu", i); + snprintf(blocks, sizeof(blocks), "$.blocks.%zu", i); size_t len = 0; JsonLoadBufAsHex(root, blocks, &udata[sptr], 4, &len); @@ -1223,7 +1221,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } char blocks[30] = {0}; - sprintf(blocks, "$.blocks.%zu", i); + snprintf(blocks, sizeof(blocks), "$.blocks.%zu", i); size_t len = 0; JsonLoadBufAsHex(root, blocks, &udata[sptr], 4, &len); diff --git a/client/src/iso7816/apduinfo.c b/client/src/iso7816/apduinfo.c index 7e8cc1d5b..b2d879b78 100644 --- a/client/src/iso7816/apduinfo.c +++ b/client/src/iso7816/apduinfo.c @@ -296,7 +296,7 @@ const APDUCode_t *GetAPDUCode(uint8_t sw1, uint8_t sw2) { int mineq = ARRAYLEN(APDUCodeTable); int mineqindx = 0; - sprintf(buf, "%02X%02X", sw1, sw2); + snprintf(buf, sizeof(buf), "%02X%02X", sw1, sw2); for (int i = 0; i < ARRAYLEN(APDUCodeTable); i++) { int res = CodeCmp(APDUCodeTable[i].ID, buf); diff --git a/client/src/mifare/aiddesfire.c b/client/src/mifare/aiddesfire.c index f40ca5ff3..0e768daf9 100644 --- a/client/src/mifare/aiddesfire.c +++ b/client/src/mifare/aiddesfire.c @@ -275,7 +275,7 @@ static const char *aiddf_json_get_str(json_t *data, const char *name) { static int print_aiddf_description(json_t *root, uint8_t aid[3], char *fmt, bool verbose) { char laid[7] = {0}; - sprintf(laid, "%02x%02x%02x", aid[2], aid[1], aid[0]); // must be lowercase + snprintf(laid, sizeof(laid), "%02x%02x%02x", aid[2], aid[1], aid[0]); // must be lowercase json_t *elm = NULL; 
@@ -307,8 +307,9 @@ static int print_aiddf_description(json_t *root, uint8_t aid[3], char *fmt, bool const char *type = aiddf_json_get_str(elm, "Type"); if (name && vendor) { - char result[5 + strlen(name) + strlen(vendor)]; - sprintf(result, " %s [%s]", name, vendor); + size_t result_len = 5 + strlen(name) + strlen(vendor); + char result[result_len]; + snprintf(result, result_len, " %s [%s]", name, vendor); PrintAndLogEx(INFO, fmt, result); } @@ -332,7 +333,7 @@ int AIDDFDecodeAndPrint(uint8_t aid[3]) { open_aiddf_file(&df_known_aids, false); char fmt[80]; - sprintf(fmt, " DF AID Function %02X%02X%02X :" _YELLOW_("%s"), aid[2], aid[1], aid[0], "%s"); + snprintf(fmt, sizeof(fmt), " DF AID Function %02X%02X%02X :" _YELLOW_("%s"), aid[2], aid[1], aid[0], "%s"); print_aiddf_description(df_known_aids, aid, fmt, false); close_aiddf_file(df_known_aids); return PM3_SUCCESS; diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c index ff06ca30d..a89ac2a7a 100644 --- a/client/src/mifare/desfirecore.c +++ b/client/src/mifare/desfirecore.c @@ -322,12 +322,11 @@ const char *DesfireSelectWayToStr(DesfireISOSelectWay way) { char *DesfireWayIDStr(DesfireISOSelectWay way, uint32_t id) { static char str[200] = {0}; - memset(str, 0, sizeof(str)); if (way == ISWMF || way == ISWDFName) - sprintf(str, "%s", DesfireSelectWayToStr(way)); + snprintf(str, sizeof(str), "%s", DesfireSelectWayToStr(way)); else - sprintf(str, "%s %0*x", DesfireSelectWayToStr(way), (way == ISW6bAID) ? 6 : 4, id); + snprintf(str, sizeof(str), "%s %0*x", DesfireSelectWayToStr(way), (way == ISW6bAID) ? 6 : 4, id); return str; } 
@@ -2296,10 +2295,9 @@ static const char *GetDesfireKeyType(uint8_t keytype) { const char *GetDesfireAccessRightStr(uint8_t right) { static char int_access_str[200]; - memset(int_access_str, 0, sizeof(int_access_str)); if (right <= 0x0d) { - sprintf(int_access_str, "key 0x%02x", right); + snprintf(int_access_str, sizeof(int_access_str), "key 0x%02x", right); return int_access_str; } diff --git a/client/src/mifare/mad.c b/client/src/mifare/mad.c index 61843542a..f1d5c0b55 100644 --- a/client/src/mifare/mad.c +++ b/client/src/mifare/mad.c @@ -101,7 +101,7 @@ static const char *mad_json_get_str(json_t *data, const char *name) { static int print_aid_description(json_t *root, uint16_t aid, char *fmt, bool verbose) { char lmad[7] = {0}; - sprintf(lmad, "0x%04x", aid); // must be lowercase + snprintf(lmad, sizeof(lmad), "0x%04x", aid); // must be lowercase json_t *elm = NULL; @@ -132,8 +132,9 @@ static int print_aid_description(json_t *root, uint16_t aid, char *fmt, bool ver const char *integrator = mad_json_get_str(elm, "system_integrator"); if (application && company) { - char result[4 + strlen(application) + strlen(company)]; - sprintf(result, " %s [%s]", application, company); + size_t result_len = 4 + strlen(application) + strlen(company); + char result[result_len]; + snprintf(result, result_len, " %s [%s]", application, company); PrintAndLogEx(INFO, fmt, result); } @@ -334,7 +335,7 @@ int MAD1DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose, bool *haveMA PrintAndLogEx(INFO, (ibs == i) ? _MAGENTA_(" %02d [%04X] (continuation)") : " %02d [%04X] (continuation)", i, aid); } else { char fmt[30]; - sprintf(fmt, (ibs == i) ? _MAGENTA_(" %02d [%04X]%s") : " %02d [%04X]%s", i, aid, "%s"); + snprintf(fmt, sizeof(fmt), (ibs == i) ? _MAGENTA_(" %02d [%04X]%s") : " %02d [%04X]%s", i, aid, "%s"); print_aid_description(mad_known_aids, aid, fmt, verbose); prev_aid = aid; } 
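Review bot: result_len in print_aid_description is one byte short for the format as shown: ` %s [%s]` produces strlen(application) + strlen(company) + 4 characters plus the terminating NUL, so `4 + ...` leaves no room for the terminator. The old sprintf wrote one byte past the array; the new snprintf instead silently drops the closing `]`. Use `size_t result_len = 5 + strlen(application) + strlen(company);`, which matches print_aiddf_description in aiddesfire.c. Both strings appear to come from the JSON file, so a fixed upper bound or a heap buffer would also avoid an arbitrarily large stack array.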
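Review bot: fmt in MAD1DecodeAndPrint is handed to print_aid_description, which uses it as the format string for PrintAndLogEx, so a truncated snprintf here is not harmless. A cut that removes the trailing `%s` or leaves a lone `%` yields a format that no longer matches the argument passed with it. The 30-byte buffer has to hold the text plus the _MAGENTA_ colour codes, so keep the return value, `int n = snprintf(fmt, sizeof(fmt), ...);`, and skip the entry when `n < 0 || (size_t)n >= sizeof(fmt)`. The same build-a-format pattern is in MAD2DecodeAndPrint, MADDFDecodeAndPrint and AIDDFDecodeAndPrint.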
@@ -378,7 +379,7 @@ int MAD2DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose) { PrintAndLogEx(INFO, (ibs == i) ? _MAGENTA_(" %02d [%04X] (continuation)") : " %02d [%04X] (continuation)", i + 16, aid); } else { char fmt[30]; - sprintf(fmt, (ibs == i) ? _MAGENTA_(" %02d [%04X]%s") : " %02d [%04X]%s", i + 16, aid, "%s"); + snprintf(fmt, sizeof(fmt), (ibs == i) ? _MAGENTA_(" %02d [%04X]%s") : " %02d [%04X]%s", i + 16, aid, "%s"); print_aid_description(mad_known_aids, aid, fmt, verbose); prev_aid = aid; } @@ -392,7 +393,7 @@ int MADDFDecodeAndPrint(uint32_t short_aid) { open_mad_file(&mad_known_aids, false); char fmt[50]; - sprintf(fmt, " MAD AID Function 0x%04X :" _YELLOW_("%s"), short_aid, "%s"); + snprintf(fmt, sizeof(fmt), " MAD AID Function 0x%04X :" _YELLOW_("%s"), short_aid, "%s"); print_aid_description(mad_known_aids, short_aid, fmt, false); close_mad_file(mad_known_aids); return PM3_SUCCESS; diff --git a/client/src/nfc/ndef.c b/client/src/nfc/ndef.c index c9a74ad75..f4d07ba7d 100644 --- a/client/src/nfc/ndef.c +++ b/client/src/nfc/ndef.c 
@@ -452,15 +452,15 @@ static int ndefDecodePayloadDeviceInfo(uint8_t *payload, size_t len) { // record.uuid_string = '123e4567-e89b-12d3-a456-426655440000' // 8-4-4-4-12 char uuid[37] = {0}; - sprintf(uuid, "%s-", sprint_hex_inrow(p, 4)); + snprintf(uuid, sizeof(uuid), "%s-", sprint_hex_inrow(p, 4)); p += 4; - sprintf(uuid + strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); + snprintf(uuid + strlen(uuid), sizeof(uuid) - strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); p += 2; - sprintf(uuid + strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); + snprintf(uuid + strlen(uuid), sizeof(uuid) - strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); p += 2; - sprintf(uuid + strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); + snprintf(uuid + strlen(uuid), sizeof(uuid) - strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); p += 2; - sprintf(uuid + strlen(uuid), "%s", sprint_hex_inrow(p, 6)); + snprintf(uuid + strlen(uuid), sizeof(uuid) - strlen(uuid), "%s", sprint_hex_inrow(p, 6)); p += 6; PrintAndLogEx(INFO, "UUID.......... " _YELLOW_("%s"), uuid); p++; diff --git a/client/src/proxguiqt.cpp b/client/src/proxguiqt.cpp index be62e1838..48a9aed22 100644 --- a/client/src/proxguiqt.cpp +++ b/client/src/proxguiqt.cpp @@ -612,7 +612,7 @@ void Plot::PlotDemod(uint8_t *buffer, size_t len, QRect plotRect, QRect annotati } if (j == (int)clk / 2) { //print label - sprintf(str, "%u", buffer[i]); + snprintf(str, sizeof(str), "%u", buffer[i]); painter->drawText(x - 8, y + ((buffer[i] > 0) ? 18 : -6), str); } } @@ -677,11 +677,11 @@ void Plot::PlotGraph(int *buffer, size_t len, QRect plotRect, QRect annotationRe painter->drawLine(xo - 5, y0, xo + 5, y0); - sprintf(yLbl, "%d", v); + snprintf(yLbl, sizeof(yLbl), "%d", v); painter->drawText(xo + 8, y0 + 7, yLbl); painter->drawLine(xo - 5, y1, xo + 5, y1); - sprintf(yLbl, "%d", -v); + snprintf(yLbl, sizeof(yLbl), "%d", -v); painter->drawText(xo + 8, y1 + 5, yLbl); lasty0 = y0; } 
@@ -689,7 +689,7 @@ void Plot::PlotGraph(int *buffer, size_t len, QRect plotRect, QRect annotationRe //Graph annotations painter->drawPath(penPath); char str[200]; - sprintf(str, "max=%d min=%d mean=%" PRId64 " n=%u/%zu CursorAVal=[%d] CursorBVal=[%d]", + snprintf(str, sizeof(str), "max=%d min=%d mean=%" PRId64 " n=%u/%zu CursorAVal=[%d] CursorBVal=[%d]", vMax, vMin, vMean, g_GraphStop - g_GraphStart, len, buffer[CursorAPos], buffer[CursorBPos]); painter->drawText(20, annotationRect.bottom() - 23 - 20 * graphNum, str); //clock_t end = clock(); @@ -804,12 +804,12 @@ void Plot::paintEvent(QPaintEvent *event) { char scalestr[30] = {0}; if (g_CursorScaleFactor != 1) { if (g_CursorScaleFactorUnit[0] == '\x00') { - sprintf(scalestr, "[%2.2f] ", ((int32_t)(CursorBPos - CursorAPos)) / g_CursorScaleFactor); + snprintf(scalestr, sizeof(scalestr), "[%2.2f] ", ((int32_t)(CursorBPos - CursorAPos)) / g_CursorScaleFactor); } else { - sprintf(scalestr, "[%2.2f %s] ", ((int32_t)(CursorBPos - CursorAPos)) / g_CursorScaleFactor, g_CursorScaleFactorUnit); + snprintf(scalestr, sizeof(scalestr), "[%2.2f %s] ", ((int32_t)(CursorBPos - CursorAPos)) / g_CursorScaleFactor, g_CursorScaleFactorUnit); } } - sprintf(str, "@%u..%u dt=%i %szoom=%2.2f CursorAPos=%u CursorBPos=%u GridX=%lf GridY=%lf (%s) GridXoffset=%lf", + snprintf(str, sizeof(str), "@%u..%u dt=%i %szoom=%2.2f CursorAPos=%u CursorBPos=%u GridX=%lf GridY=%lf (%s) GridXoffset=%lf", g_GraphStart, g_GraphStop, CursorBPos - CursorAPos, diff --git a/client/src/uart/uart_win32.c b/client/src/uart/uart_win32.c index bf292685a..1e57daeb2 100644 --- a/client/src/uart/uart_win32.c +++ b/client/src/uart/uart_win32.c @@ -75,7 +75,7 @@ serial_port uart_open(const char *pcPortName, uint32_t speed) { return INVALID_SERIAL_PORT; } // Copy the input "com?" to "\\.\COM?" format - sprintf(acPortName, "\\\\.\\%s", pcPortName); + snprintf(acPortName, sizeof(acPortName), "\\\\.\\%s", pcPortName); _strupr(acPortName); // Try to open the serial port 
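Review bot: In uart_open a port name longer than acPortName is now silently truncated and the truncated name is then opened, which can select a different device than the one requested. Keep the return value, `int n = snprintf(acPortName, sizeof(acPortName), "\\\\.\\%s", pcPortName);`, and fail the open with INVALID_SERIAL_PORT when `n < 0 || (size_t)n >= sizeof(acPortName)`, releasing anything allocated earlier in the function. acPortName is declared outside the hunk, so this assumes it is an array rather than a pointer.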
diff --git a/client/src/ui.c b/client/src/ui.c index 74557cd5a..0ffabc341 100644 --- a/client/src/ui.c +++ b/client/src/ui.c @@ -719,18 +719,13 @@ void print_progress(size_t count, uint64_t max, barMode_t style) { snprintf(cbar, collen, "%s", bar); } - size_t olen = strlen(cbar) + 40; - char *out = (char *)calloc(olen, sizeof(uint8_t)); - switch (style) { case STYLE_BAR: { - sprintf(out, "%s", cbar); - printf("\b%c[2K\r[" _YELLOW_("=")"] %s", 27, out); + printf("\b%c[2K\r[" _YELLOW_("=")"] %s", 27, cbar); break; } case STYLE_MIXED: { - sprintf(out, "%s [ %zu mV / %2u V / %2u Vmax ]", cbar, count, (uint32_t)(count / 1000), (uint32_t)(max / 1000)); - printf("\b%c[2K\r[" _YELLOW_("=")"] %s", 27, out); + printf("\b%c[2K\r[" _YELLOW_("=")"] %s [ %zu mV / %2u V / %2u Vmax ]", 27, cbar, count, (uint32_t)(count / 1000), (uint32_t)(max / 1000)); break; } case STYLE_VALUE: { @@ -739,7 +734,6 @@ void print_progress(size_t count, uint64_t max, barMode_t style) { } } fflush(stdout); - free(out); free(bar); free(cbar); } diff --git a/client/src/util.c b/client/src/util.c index 94ecdd94f..ed17d4120 100644 --- a/client/src/util.c +++ b/client/src/util.c @@ -102,8 +102,11 @@ void FillFileNameByUID(char *filenamePrefix, const uint8_t *uid, const char *ext int len = strlen(filenamePrefix); - for (int j = 0; j < uidlen; j++) - sprintf(filenamePrefix + len + j * 2, "%02X", uid[j]); + for (int j = 0; j < uidlen; j++) { + // This is technically not the safest option, but there is no way to make this work without changing the function signature + // Possibly todo for future PR, but given UID lenghts are defined by program and not variable, should not be an issue + snprintf(filenamePrefix + len + j * 2, 3, "%02X", uid[j]); + } strcat(filenamePrefix, ext); } 
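Review bot: The size `3` passed to snprintf in FillFileNameByUID is the length of one hex pair, not the space left in filenamePrefix, so the call is exactly as unbounded as the sprintf it replaces, and the following `strcat(filenamePrefix, ext)` has no bound either. The in-code comment admits this but does not state the contract callers must meet (and `lenghts` there should read `lengths`). I would add above the function: `// filenamePrefix must have room for strlen(filenamePrefix) + 2 * uidlen + strlen(ext) + 1 bytes`, and add a capacity parameter in a follow-up. makerandom in tools/hitag2crack/crack2/ht2crack2gentest.c uses the same `snprintf(hex + (2 * i), 3, ...)` pattern and relies on hex holding `2 * len + 1` bytes.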
@@ -153,15 +156,15 @@ void ascii_to_buffer(uint8_t *buf, const uint8_t *hex_data, const size_t hex_len if (buf == NULL) return; - char *tmp = (char *)buf; - memset(tmp, 0x00, hex_max_len); + char *tmp_base = (char *)buf; + char *tmp = tmp_base; size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len; size_t i = 0; for (i = 0; i < max_len; ++i, tmp++) { char c = hex_data[i]; - sprintf(tmp, "%c", ((c < 32) || (c == 127)) ? '.' : c); + snprintf(tmp, hex_max_len - (tmp - tmp_base), "%c", ((c < 32) || (c == 127)) ? '.' : c); } size_t m = (min_str_len > i) ? min_str_len : 0; @@ -169,7 +172,7 @@ void ascii_to_buffer(uint8_t *buf, const uint8_t *hex_data, const size_t hex_len m = hex_max_len; for (; i < m; i++, tmp++) - sprintf(tmp, " "); + snprintf(tmp, hex_max_len - (tmp - tmp_base), " "); // remove last space *tmp = '\0'; @@ -180,17 +183,17 @@ void hex_to_buffer(uint8_t *buf, const uint8_t *hex_data, const size_t hex_len, if (buf == NULL) return; - char *tmp = (char *)buf; - memset(tmp, 0x00, hex_max_len); + char *tmp_base = (char *)buf; + char *tmp = tmp_base; size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len; size_t i; for (i = 0; i < max_len; ++i, tmp += 2 + spaces_between) { - sprintf(tmp, (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); + snprintf(tmp, hex_max_len - (tmp - tmp_base), (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); for (size_t j = 0; j < spaces_between; j++) - sprintf(tmp + 2 + j, " "); + snprintf(tmp + 2 + j, hex_max_len - ((tmp + 2 + j) - tmp_base), " "); } i *= (2 + spaces_between); @@ -200,7 +203,7 @@ void hex_to_buffer(uint8_t *buf, const uint8_t *hex_data, const size_t hex_len, m = hex_max_len; for (; i < m; i++, tmp++) - sprintf(tmp, " "); + snprintf(tmp, hex_max_len - (tmp - tmp_base), " "); // remove last space *tmp = '\0'; 
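Review bot: In ascii_to_buffer the snprintf size treats hex_max_len as the buffer size including the terminator, while the rest of the function treats it as the maximum string length, since the final `*tmp = '\0'` can land at index hex_max_len. As a result, when hex_len >= hex_max_len the last character is now replaced by a NUL (a size of 1 leaves room for the terminator only), which the old sprintf did not do. Each iteration writes exactly one known character, so a plain store is simpler and keeps the old output: `*tmp = ((c < 32) || (c == 127)) ? '.' : c;` in the first loop and `*tmp = ' ';` in the padding loop. The function starts outside the hunk.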
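Review bot: hex_to_buffer limits its loop by input bytes (`max_len` is the smaller of hex_len and hex_max_len) while tmp advances `2 + spaces_between` output characters per byte, so tmp can pass the end of the buffer. From then on `hex_max_len - (tmp - tmp_base)` wraps around as an unsigned value and snprintf is no longer bounded. The loop should stop on remaining output space, e.g. as the first statement of the loop body: `if (hex_max_len - (size_t)(tmp - tmp_base) < 3 + spaces_between) break;`. The copies of hex_to_buffer in tools/mf_nonce_brute/mf_nonce_brute.c and tools/mf_nonce_brute/mf_trace_brute.c have the same loop and the same wrap.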
@@ -233,7 +236,6 @@ void print_hex_break(const uint8_t *data, const size_t len, uint8_t breaks) { if (mod) { char buf[UTIL_BUFFER_SIZE_SPRINT + 3]; - memset(buf, 0, sizeof(buf)); hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 1, true); // add the spaces... @@ -255,8 +257,7 @@ static void print_buffer_ex(const uint8_t *data, const size_t len, int level, ui break; } // (16 * 3) + (16) + + 1 - memset(buf, 0, sizeof(buf)); - sprintf(buf, "%*s%02x: ", (level * 4), " ", i); + snprintf(buf, sizeof(buf), "%*s%02x: ", (level * 4), " ", i); hex_to_buffer((uint8_t *)(buf + strlen(buf)), data + i, breaks, (sizeof(buf) - strlen(buf) - 1), 0, 1, true); snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "| %s", sprint_ascii(data + i, breaks)); @@ -267,8 +268,7 @@ static void print_buffer_ex(const uint8_t *data, const size_t len, int level, ui uint8_t mod = len % breaks; if (mod) { - memset(buf, 0, sizeof(buf)); - sprintf(buf, "%*s%02x: ", (level * 4), " ", i); + snprintf(buf, sizeof(buf), "%*s%02x: ", (level * 4), " ", i); hex_to_buffer((uint8_t *)(buf + strlen(buf)), data + i, mod, (sizeof(buf) - strlen(buf) - 1), 0, 1, true); // add the spaces... @@ -420,11 +420,10 @@ char *sprint_bin(const uint8_t *data, const size_t len) { char *sprint_hex_ascii(const uint8_t *data, const size_t len) { static char buf[UTIL_BUFFER_SIZE_SPRINT]; - char *tmp = buf; memset(buf, 0x00, UTIL_BUFFER_SIZE_SPRINT); size_t max_len = (len > 1010) ? 1010 : len; - snprintf(tmp, UTIL_BUFFER_SIZE_SPRINT, "%s| ", sprint_hex(data, max_len)); + snprintf(buf, sizeof(buf), "%s| ", sprint_hex(data, max_len)); size_t i = 0; size_t pos = (max_len * 3) + 2; @@ -435,7 +434,7 @@ char *sprint_hex_ascii(const uint8_t *data, const size_t len) { if ((c < 32) || (c == 127)) c = '.'; - sprintf(tmp + pos + i, "%c", c); + snprintf(buf + pos + i, sizeof(buf) - (pos + 1), "%c", c); ++i; } return buf; 
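Review bot: The size passed to the per-character snprintf in sprint_hex_ascii is `sizeof(buf) - (pos + 1)`, which does not shrink as i grows although the destination is `buf + pos + i`; it reads like a typo of `1` for `i`. It should be `snprintf(buf + pos + i, sizeof(buf) - (pos + i), "%c", c);`. With max_len capped at 1010 the write presumably stays inside UTIL_BUFFER_SIZE_SPRINT anyway, but the bound as written checks nothing. The loop header sits between the two hunks and is not visible here.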
@@ -891,7 +890,7 @@ int binarraytohex(char *target, const size_t targetlen, const char *source, size if (t >= targetlen - 2) { return r; } - sprintf(target + t, "%X", x); + snprintf(target + t, targetlen - t, "%X", x); t++; r += 4; x = 0; @@ -902,7 +901,7 @@ int binarraytohex(char *target, const size_t targetlen, const char *source, size if (t >= targetlen - 5) { return r; } - sprintf(target + t, "%X[%i]", x, i); + snprintf(target + t, targetlen - t, "%X[%i]", x, i); t += 4; r += i; x = 0; @@ -913,7 +912,7 @@ int binarraytohex(char *target, const size_t targetlen, const char *source, size if (t >= targetlen - 2) { return r; } - sprintf(target + t, " "); + snprintf(target + t, targetlen - t, " "); t++; } r++; diff --git a/client/src/wiegand_formats.c b/client/src/wiegand_formats.c index a23bbc55c..e63040a19 100644 --- a/client/src/wiegand_formats.c +++ b/client/src/wiegand_formats.c @@ -1293,8 +1293,9 @@ void print_desc_wiegand(cardformat_t *fmt, wiegand_message_t *packed) { return; } - char *s = calloc(128, sizeof(uint8_t)); - sprintf(s, _YELLOW_("%-10s")" %-32s", fmt->Name, fmt->Descrp); + size_t s_len = 128; + char *s = calloc(s_len, sizeof(uint8_t)); + snprintf(s, s_len * sizeof(uint8_t), _YELLOW_("%-10s")" %-32s", fmt->Name, fmt->Descrp); if (packed->Top != 0) { PrintAndLogEx(SUCCESS, "%s -> " _GREEN_("%X%08X%08X"), diff --git a/common/iso15693tools.c b/common/iso15693tools.c index 214a66ccb..6ba659945 100644 --- a/common/iso15693tools.c +++ b/common/iso15693tools.c 
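Review bot: The result of `calloc(s_len, sizeof(uint8_t))` in print_desc_wiegand is passed straight to snprintf without a NULL check. Add `if (s == NULL) return;` before the snprintf. Alternatively, since the size is a fixed 128 bytes, use `char s[128] = {0};` with `sizeof(s)` and drop the allocation together with its free, which would be outside the hunk.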
@@ -19,18 +19,26 @@ #include + +#define ISO15693_SPRINTUID_BUFLEN (3 * 8 + 1) + // returns a string representation of the UID // UID is transmitted and stored LSB first, displayed MSB first // dest char* buffer, where to put the UID, if NULL a static buffer is returned // uid[] the UID in transmission order // return: ptr to string char *iso15693_sprintUID(char *dest, uint8_t *uid) { - static char tempbuf[3 * 8 + 1] = {0}; + static char tempbuf[ISO15693_SPRINTUID_BUFLEN] = {0}; if (dest == NULL) dest = tempbuf; if (uid) { - sprintf(dest, "%02X %02X %02X %02X %02X %02X %02X %02X", +#ifdef HAVE_SNPRINTF + snprintf(dest, ISO15693_SPRINTUID_BUFLEN, +#else + sprintf(dest, +#endif + "%02X %02X %02X %02X %02X %02X %02X %02X", uid[7], uid[6], uid[5], uid[4], uid[3], uid[2], uid[1], uid[0] ); diff --git a/tools/hitag2crack/crack2/ht2crack2buildtable.c b/tools/hitag2crack/crack2/ht2crack2buildtable.c index a8f576f5f..15f1cb192 100644 --- a/tools/hitag2crack/crack2/ht2crack2buildtable.c +++ b/tools/hitag2crack/crack2/ht2crack2buildtable.c @@ -76,8 +76,8 @@ static void create_table(struct table *tt, int d_1, int d_2) { } // create the path -// sprintf(tt->path, "/Volumes/2tb/%02X/%02X.bin", d_1 & 0xff, d_2 & 0xff); - sprintf(tt->path, "table/%02x/%02x.bin", d_1 & 0xff, d_2 & 0xff); +// snprintf(tt->path, sizeof(tt->path), "/Volumes/2tb/%02X/%02X.bin", d_1 & 0xff, d_2 & 0xff); + snprintf(tt->path, sizeof(tt->path), "table/%02x/%02x.bin", d_1 & 0xff, d_2 & 0xff); } @@ -341,12 +341,12 @@ static void makedirs(void) { } for (i = 0; i < 0x100; i++) { - sprintf(path, "table/%02x", i); + snprintf(path, sizeof(path), "table/%02x", i); if (mkdir(path, 0755)) { printf("cannot make dir %s\n", path); exit(1); } - sprintf(path, "sorted/%02x", i); + snprintf(path, sizeof(path), "sorted/%02x", i); if (mkdir(path, 0755)) { printf("cannot make dir %s\n", path); exit(1); 
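Review bot: When the caller supplies dest in iso15693_sprintUID, snprintf is told the buffer holds ISO15693_SPRINTUID_BUFLEN bytes, but nothing states that requirement; the header comment only says where to put the UID. Extend that line to `// dest char* buffer of at least ISO15693_SPRINTUID_BUFLEN bytes, if NULL a static buffer is returned`. The macro would then belong in the header so callers can size their buffers; whether it is exported is not visible here. Splitting a single call expression across `#ifdef HAVE_SNPRINTF` is also easy to break in later edits, and a small local macro that expands to either call would keep the argument list in one place.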
@@ -387,7 +387,7 @@ static void *sorttable(void *dd) { printf("sorttable: processing bytes 0x%02x/0x%02x\n", i, j); // open file, stat it and mmap it - sprintf(infile, "table/%02x/%02x.bin", i, j); + snprintf(infile, sizeof(infile), "table/%02x/%02x.bin", i, j); fdin = open(infile, O_RDONLY); if (fdin <= 0) { @@ -424,7 +424,7 @@ static void *sorttable(void *dd) { qsort_r(table, numentries, DATASIZE, datacmp, dummy); // write to file - sprintf(outfile, "sorted/%02x/%02x.bin", i, j); + snprintf(outfile, sizeof(outfile), "sorted/%02x/%02x.bin", i, j); fdout = open(outfile, O_WRONLY | O_CREAT, 0644); if (fdout <= 0) { printf("cannot create outfile %s\n", outfile); diff --git a/tools/hitag2crack/crack2/ht2crack2gentest.c b/tools/hitag2crack/crack2/ht2crack2gentest.c index cc8d1e94e..ba89526fa 100644 --- a/tools/hitag2crack/crack2/ht2crack2gentest.c +++ b/tools/hitag2crack/crack2/ht2crack2gentest.c @@ -25,7 +25,7 @@ static int makerandom(char *hex, unsigned int len, int fd) { } for (i = 0; i < len; i++) { - sprintf(hex + (2 * i), "%02X", raw[i]); + snprintf(hex + (2 * i), 3, "%02X", raw[i]); } return 1; @@ -65,7 +65,7 @@ int main(int argc, char *argv[]) { makerandom(key, 6, urandomfd); makerandom(uid, 4, urandomfd); makerandom(nR, 4, urandomfd); - sprintf(filename, "keystream.key-%s.uid-%s.nR-%s", key, uid, nR); + snprintf(filename, sizeof(filename), "keystream.key-%s.uid-%s.nR-%s", key, uid, nR); FILE *fp = fopen(filename, "w"); if (!fp) { diff --git a/tools/hitag2crack/crack2/ht2crack2search.c b/tools/hitag2crack/crack2/ht2crack2search.c index c775f7011..b98457f4f 100644 --- a/tools/hitag2crack/crack2/ht2crack2search.c +++ b/tools/hitag2crack/crack2/ht2crack2search.c @@ -166,7 +166,7 @@ static int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned cha return 0; } - sprintf(file, INPUTFILE, c[0], c[1]); + snprintf(file, sizeof(file), INPUTFILE, c[0], c[1]); fd = open(file, O_RDONLY); if (fd <= 0) { 
diff --git a/tools/mf_nonce_brute/mf_nonce_brute.c b/tools/mf_nonce_brute/mf_nonce_brute.c index 32b4d9bd6..8d98e04cf 100644 --- a/tools/mf_nonce_brute/mf_nonce_brute.c +++ b/tools/mf_nonce_brute/mf_nonce_brute.c @@ -153,17 +153,17 @@ static void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const siz if (buf == NULL) return; - char *tmp = (char *)buf; + char *tmp_base = (char *)buf; + char *tmp = tmp_base; size_t i; - memset(tmp, 0x00, hex_max_len); size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len; for (i = 0; i < max_len; ++i, tmp += 2 + spaces_between) { - sprintf(tmp, (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); + snprintf(tmp, hex_max_len - (tmp - tmp_base), (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); for (size_t j = 0; j < spaces_between; j++) - sprintf(tmp + 2 + j, " "); + snprintf(tmp + 2 + j, hex_max_len - (2 + j + (tmp - tmp_base)), " "); } i *= (2 + spaces_between); @@ -173,11 +173,10 @@ static void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const siz mlen = hex_max_len; for (; i < mlen; i++, tmp += 1) - sprintf(tmp, " "); + snprintf(tmp, hex_max_len - (tmp - tmp_base), " "); // remove last space *tmp = '\0'; - return; } static char *sprint_hex_inrow_ex(const uint8_t *data, const size_t len, const size_t min_str_len) { diff --git a/tools/mf_nonce_brute/mf_trace_brute.c b/tools/mf_nonce_brute/mf_trace_brute.c index a25bfff5f..8bc255517 100644 --- a/tools/mf_nonce_brute/mf_trace_brute.c +++ b/tools/mf_nonce_brute/mf_trace_brute.c 
@@ -139,17 +139,17 @@ static void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const siz if (buf == NULL) return; - char *tmp = (char *)buf; + char *tmp_base = (char *)buf; + char *tmp = tmp_base; size_t i; - memset(tmp, 0x00, hex_max_len); size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len; for (i = 0; i < max_len; ++i, tmp += 2 + spaces_between) { - sprintf(tmp, (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); + snprintf(tmp, hex_max_len - (tmp - tmp_base), (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); for (size_t j = 0; j < spaces_between; j++) - sprintf(tmp + 2 + j, " "); + snprintf(tmp + 2 + j, hex_max_len - (2 + j + (tmp - tmp_base)), " "); } i *= (2 + spaces_between); @@ -159,11 +159,10 @@ static void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const siz mlen = hex_max_len; for (; i < mlen; i++, tmp += 1) - sprintf(tmp, " "); + snprintf(tmp, hex_max_len - (tmp - tmp_base), " "); // remove last space *tmp = '\0'; - return; } static char *sprint_hex_inrow_ex(const uint8_t *data, const size_t len, const size_t min_str_len) {