fuzzing seems to believe we would actually write more than 50 bytes of ATR...

iceman1001 2024-02-19 18:21:19 +01:00
commit 96a68a1ddc


@ -1172,8 +1172,8 @@ static int CmdSmartBruteforceSFI(const char *Cmd) {
} }
static void atsToEmulatedAtr(uint8_t *ats, uint8_t *atr, int *atrLen) { static void atsToEmulatedAtr(uint8_t *ats, uint8_t *atr, int *atrLen) {
int historicalLen = 0; uint8_t historicalLen = 0;
int offset = 2; uint8_t offset = 2;
if (ats[0] < 2) { if (ats[0] < 2) {
historicalLen = 0; historicalLen = 0;
@ -1202,7 +1202,7 @@ static void atsToEmulatedAtr(uint8_t *ats, uint8_t *atr, int *atrLen) {
atr[3] = 0x01; atr[3] = 0x01;
uint8_t tck = atr[1] ^ atr[2] ^ atr[3]; uint8_t tck = atr[1] ^ atr[2] ^ atr[3];
for (int i = 0; i < historicalLen; ++i) { for (uint8_t i = 0; i < historicalLen; ++i) {
atr[4 + i] = ats[offset + i]; atr[4 + i] = ats[offset + i];
tck = tck ^ ats[offset + i]; tck = tck ^ ats[offset + i];
} }
@ -1302,7 +1302,7 @@ static int CmdPCSC(const char *Cmd) {
if (bytes_read > 0) { if (bytes_read > 0) {
if (cmdbuf[1] == 0x01 && cmdbuf[2] == 0x04) { // vpcd GET ATR if (cmdbuf[1] == 0x01 && cmdbuf[2] == 0x04) { // vpcd GET ATR
uint8_t atr[50] = {0}; uint8_t atr[256] = {0};
int atrLen = 0; int atrLen = 0;
switch (card_type) { switch (card_type) {