From ad84875afd8235e6c0804670198f9a1af145bea5 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Mon, 24 Mar 2025 23:46:43 +0100 Subject: [PATCH] cppcheck nullPointerOutOfMemory --- client/src/cmdflashmemspiffs.c | 5 +++ client/src/cmdhflegic.c | 4 +++ client/src/cmdhftopaz.c | 4 +++ client/src/cmdlffdxb.c | 9 +++++ client/src/cmdlfgallagher.c | 4 +++ client/src/cmdlfguard.c | 4 +++ client/src/cmdlfhitag.c | 7 +++- client/src/cmdlfindala.c | 8 +++++ client/src/cmdlfio.c | 4 +++ client/src/cmdlfjablotron.c | 5 +++ client/src/cmdlfkeri.c | 4 +++ client/src/cmdlfnedap.c | 4 +++ client/src/cmdlfnexwatch.c | 14 ++++++++ client/src/cmdlfnoralsy.c | 4 +++ client/src/cmdlfpac.c | 4 +++ client/src/cmdlfparadox.c | 4 +++ client/src/cmdlfpresco.c | 4 +++ client/src/cmdlfpyramid.c | 4 +++ client/src/cmdlfsecurakey.c | 4 +++ client/src/cmdlft55xx.c | 16 +++++++++ client/src/cmdlfviking.c | 4 +++ client/src/cmdlfvisa2000.c | 4 +++ client/src/cmdmain.c | 6 ++++ client/src/cmdsmartcard.c | 47 ++++++++++++++++++++++++-- client/src/comms.c | 14 +++++++- client/src/emv/crypto_polarssl.c | 20 +++++++++++ client/src/emv/dol.c | 2 ++ client/src/emv/emv_pk.c | 3 ++ client/src/emv/emv_pki.c | 4 +++ client/src/emv/test/cda_test.c | 4 +++ client/src/emv/test/dda_test.c | 4 +++ client/src/graph.c | 23 +++++++++++++ client/src/loclass/cipher.c | 4 +++ client/src/loclass/cipherutils.c | 4 +++ client/src/loclass/elite_crack.c | 4 +++ client/src/loclass/ikeys.c | 4 +++ client/src/mifare/mifarehost.c | 4 +++ client/src/nfc/ndef.c | 4 +++ client/src/scripting.c | 4 +++ tools/fpga_compress/fpga_compress.c | 12 +++++++ tools/mfc/card_reader/mf_nonce_brute.c | 16 +++++++++ tools/mfc/card_reader/mf_trace_brute.c | 4 +++ tools/mfd_aes_brute/mfd_aes_brute.c | 4 +++ tools/mfd_aes_brute/mfd_multi_brute.c | 4 +++ 44 files changed, 314 insertions(+), 5 deletions(-) diff --git a/client/src/cmdflashmemspiffs.c b/client/src/cmdflashmemspiffs.c index 9159eee0e..9dc706d98 100644 --- a/client/src/cmdflashmemspiffs.c +++ b/client/src/cmdflashmemspiffs.c @@ -46,6 +46,11 @@ int flashmem_spiffs_load(const char *destfn, const uint8_t *data, size_t datalen uint32_t bytes_in_packet = MIN(FLASH_MEM_BLOCK_SIZE, bytes_remaining); flashmem_write_t *payload = calloc(1, sizeof(flashmem_write_t) + bytes_in_packet); + if (payload == NULL) { + PrintAndLogEx(ERR, "error, cannot allocate memory "); + ret_val = PM3_EMALLOC; + goto out; + } payload->append = (bytes_sent > 0); diff --git a/client/src/cmdhflegic.c b/client/src/cmdhflegic.c index 9a273f7ef..768a69e25 100644 --- a/client/src/cmdhflegic.c +++ b/client/src/cmdhflegic.c @@ -901,6 +901,10 @@ static int CmdLegicDump(const char *Cmd) { PrintAndLogEx(SUCCESS, "Reading tag memory." NOLF); legic_packet_t *payload = calloc(1, sizeof(legic_packet_t)); + if (payload == NULL) { + PrintAndLogEx(WARNING, "Cannot allocate memory"); + return PM3_EMALLOC; + } payload->offset = 0; payload->iv = 0x55; payload->len = dumplen; diff --git a/client/src/cmdhftopaz.c b/client/src/cmdhftopaz.c index f191ce160..3815706d5 100644 --- a/client/src/cmdhftopaz.c +++ b/client/src/cmdhftopaz.c @@ -542,6 +542,10 @@ static void topaz_print_control_TLVs(uint8_t *memory) { if (old == NULL) { new = topaz_tag.dynamic_lock_areas = (dynamic_lock_area_t *) calloc(sizeof(dynamic_lock_area_t), sizeof(uint8_t)); + if (new == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return; + } } else { while (old->next != NULL) { old = old->next; diff --git a/client/src/cmdlffdxb.c b/client/src/cmdlffdxb.c index b0063a129..d7b4b3b3f 100644 --- a/client/src/cmdlffdxb.c +++ b/client/src/cmdlffdxb.c @@ -858,6 +858,10 @@ static int CmdFdxBSim(const char *Cmd) { PrintAndLogEx(SUCCESS, "Simulating FDX-B animal ID: " _YELLOW_("%04u-%"PRIu64), country_code, national_code); uint8_t *bs = calloc(128, sizeof(uint8_t)); + if (bs == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed."); + return PM3_EMALLOC; + } if (getFDXBBits(national_code, country_code, is_animal, (extended > 0), extended, bs) != PM3_SUCCESS) { PrintAndLogEx(ERR, "Error with tag bitstream generation."); free(bs); @@ -866,6 +870,11 @@ static int CmdFdxBSim(const char *Cmd) { // 32, no STT, BIPHASE INVERTED == diphase lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + 128); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed."); + free(bs); + return PM3_EMALLOC; + } payload->encoding = 2; payload->invert = 1; payload->separator = 0; diff --git a/client/src/cmdlfgallagher.c b/client/src/cmdlfgallagher.c index 5f25513c6..3052b2619 100644 --- a/client/src/cmdlfgallagher.c +++ b/client/src/cmdlfgallagher.c @@ -363,6 +363,10 @@ static int CmdGallagherSim(const char *Cmd) { bytes_to_bytebits(raw, sizeof(raw), bs); lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(FAILED, "Memory allocation failed"); + return PM3_EMALLOC; + } payload->encoding = 1; payload->invert = 0; payload->separator = 0; diff --git a/client/src/cmdlfguard.c b/client/src/cmdlfguard.c index d6979633a..b06e28ea8 100644 --- a/client/src/cmdlfguard.c +++ b/client/src/cmdlfguard.c @@ -387,6 +387,10 @@ static int CmdGuardSim(const char *Cmd) { // Guard uses: clk: 64, invert: 0, encoding: 2 (ASK Biphase) lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed."); + return PM3_EMALLOC; + } payload->encoding = 2; payload->invert = 0; payload->separator = 0; diff --git a/client/src/cmdlfhitag.c b/client/src/cmdlfhitag.c index 5765bfd1c..4d599904a 100644 --- a/client/src/cmdlfhitag.c +++ b/client/src/cmdlfhitag.c @@ -1678,7 +1678,12 @@ static int CmdLFHitagEload(const char *Cmd) { // check dump len.. if (bytes_read == HITAG2_MAX_BYTE_SIZE || bytes_read == 4 * 64) { - lf_hitag_t *payload = calloc(1, sizeof(lf_hitag_t) + bytes_read); + lf_hitag_t *payload = calloc(1, sizeof(lf_hitag_t) + bytes_read); + if (payload == NULL) { + PrintAndLogEx(WARNING, "Fail, cannot allocate memory"); + free(dump); + return PM3_EMALLOC; + } if (use_ht1) payload->type = 1; diff --git a/client/src/cmdlfindala.c b/client/src/cmdlfindala.c index 78fb5fad3..c7be951db 100644 --- a/client/src/cmdlfindala.c +++ b/client/src/cmdlfindala.c @@ -175,6 +175,10 @@ static int sendTry(uint8_t fc, uint16_t cn, uint32_t delay, bool fmt4041x, bool // indala PSK, clock 32, carrier 0 lf_psksim_t *payload = calloc(1, sizeof(lf_psksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return PM3_EMALLOC; + } payload->carrier = 2; payload->invert = 0; payload->clock = 32; @@ -756,6 +760,10 @@ static int CmdIndalaSim(const char *Cmd) { // indala PSK, clock 32, carrier 0 lf_psksim_t *payload = calloc(1, sizeof(lf_psksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return PM3_EMALLOC; + } payload->carrier = 2; payload->invert = 0; payload->clock = 32; diff --git a/client/src/cmdlfio.c b/client/src/cmdlfio.c index c648fc388..12cd68520 100644 --- a/client/src/cmdlfio.c +++ b/client/src/cmdlfio.c @@ -251,6 +251,10 @@ static int CmdIOProxSim(const char *Cmd) { // arg2 --- Invert and clk setting // size --- 64 bits == 8 bytes lf_fsksim_t *payload = calloc(1, sizeof(lf_fsksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + return PM3_EMALLOC; + } payload->fchigh = 10; payload->fclow = 8; payload->separator = 1; diff --git a/client/src/cmdlfjablotron.c b/client/src/cmdlfjablotron.c index 658b90965..290181ae7 100644 --- a/client/src/cmdlfjablotron.c +++ b/client/src/cmdlfjablotron.c @@ -284,6 +284,11 @@ static int CmdJablotronSim(const char *Cmd) { getJablotronBits(fullcode, bs); lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + JABLOTRON_ARR_LEN); + if (payload == NULL) { + PrintAndLogEx(WARNING, "Failed to allocate memory"); + free(bs); + return PM3_EMALLOC; + } payload->encoding = 2; payload->invert = 1; payload->separator = 0; diff --git a/client/src/cmdlfkeri.c b/client/src/cmdlfkeri.c index 3f188f8eb..cfd0752eb 100644 --- a/client/src/cmdlfkeri.c +++ b/client/src/cmdlfkeri.c @@ -346,6 +346,10 @@ static int CmdKeriSim(const char *Cmd) { PrintAndLogEx(SUCCESS, "Simulating KERI - Internal Id " _YELLOW_("%" PRIu64), internalid); lf_psksim_t *payload = calloc(1, sizeof(lf_psksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return PM3_EMALLOC; + } payload->carrier = 2; payload->invert = 0; payload->clock = 32; diff --git a/client/src/cmdlfnedap.c b/client/src/cmdlfnedap.c index c7369cc11..acb162b3e 100644 --- a/client/src/cmdlfnedap.c +++ b/client/src/cmdlfnedap.c @@ -539,6 +539,10 @@ static int CmdLFNedapSim(const char *Cmd) { // NEDAP, Biphase = 2, clock 64, inverted, (DIPhase == inverted BIphase) lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + g_DemodBufferLen); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return PM3_EMALLOC; + } payload->encoding = 2; payload->invert = 1; payload->separator = 0; diff --git a/client/src/cmdlfnexwatch.c b/client/src/cmdlfnexwatch.c index e725c998d..3c42465da 100644 --- a/client/src/cmdlfnexwatch.c +++ b/client/src/cmdlfnexwatch.c @@ -423,7 +423,17 @@ static int CmdNexWatchClone(const char *Cmd) { blocks[0] = 0x00042080; uint8_t *res_shifted = calloc(96, sizeof(uint8_t)); + if (res_shifted == NULL) { + PrintAndLogEx(FAILED, "Memory allocation failed for res_shifted"); + return PM3_EMALLOC; + } + uint8_t *res = calloc(96, sizeof(uint8_t)); + if (res == NULL) { + PrintAndLogEx(FAILED, "Memory allocation failed for res"); + free(res_shifted); + return PM3_EMALLOC; + } bytes_to_bytebits(raw, 12, res); psk1TOpsk2(res, 96); @@ -546,6 +556,10 @@ static int CmdNexWatchSim(const char *Cmd) { PrintAndLogEx(SUCCESS, "Simulating NexWatch - raw " _YELLOW_("%s"), sprint_hex_inrow(raw, sizeof(raw))); lf_psksim_t *payload = calloc(1, sizeof(lf_psksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(FAILED, "Memory allocation failed for payload"); + return PM3_EMALLOC; + } payload->carrier = 2; payload->invert = 0; payload->clock = 32; diff --git a/client/src/cmdlfnoralsy.c b/client/src/cmdlfnoralsy.c index 713364efb..1dfedac6e 100644 --- a/client/src/cmdlfnoralsy.c +++ b/client/src/cmdlfnoralsy.c @@ -261,6 +261,10 @@ static int CmdNoralsySim(const char *Cmd) { PrintAndLogEx(SUCCESS, "Simulating Noralsy - CardId: " _YELLOW_("%u") " year " _YELLOW_("%u"), id, year); lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed."); + return PM3_EMALLOC; + } payload->encoding = 1; payload->invert = 0; payload->separator = 1; diff --git a/client/src/cmdlfpac.c b/client/src/cmdlfpac.c index 95c58e4f2..2516d7c06 100644 --- a/client/src/cmdlfpac.c +++ b/client/src/cmdlfpac.c @@ -368,6 +368,10 @@ static int CmdPacSim(const char *Cmd) { // NRZ sim. lf_nrzsim_t *payload = calloc(1, sizeof(lf_nrzsim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(FAILED, "Memory allocation failed"); + return PM3_EMALLOC; + } payload->invert = 0; payload->separator = 0; payload->clock = 32; diff --git a/client/src/cmdlfparadox.c b/client/src/cmdlfparadox.c index df9fc97e3..2205fb6a3 100644 --- a/client/src/cmdlfparadox.c +++ b/client/src/cmdlfparadox.c @@ -446,6 +446,10 @@ static int CmdParadoxSim(const char *Cmd) { uint8_t clk = 50, high = 10, low = 8; lf_fsksim_t *payload = calloc(1, sizeof(lf_fsksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + return PM3_EMALLOC; + } payload->fchigh = high; payload->fclow = low; payload->separator = 0; diff --git a/client/src/cmdlfpresco.c b/client/src/cmdlfpresco.c index de4f7fb12..f430d22ea 100644 --- a/client/src/cmdlfpresco.c +++ b/client/src/cmdlfpresco.c @@ -333,6 +333,10 @@ static int CmdPrescoSim(const char *Cmd) { getPrescoBits(fullcode, bs); lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return PM3_EMALLOC; + } payload->encoding = 1; payload->invert = 0; payload->separator = 1; diff --git a/client/src/cmdlfpyramid.c b/client/src/cmdlfpyramid.c index eb9385b2f..c7e268030 100644 --- a/client/src/cmdlfpyramid.c +++ b/client/src/cmdlfpyramid.c @@ -428,6 +428,10 @@ static int CmdPyramidSim(const char *Cmd) { // Pyramid uses: fcHigh: 10, fcLow: 8, clk: 50, invert: 0 lf_fsksim_t *payload = calloc(1, sizeof(lf_fsksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + return PM3_EMALLOC; + } payload->fchigh = 10; payload->fclow = 8; payload->separator = 0; diff --git a/client/src/cmdlfsecurakey.c b/client/src/cmdlfsecurakey.c index eb87aa9dd..fe4d40aab 100644 --- a/client/src/cmdlfsecurakey.c +++ b/client/src/cmdlfsecurakey.c @@ -270,6 +270,10 @@ static int CmdSecurakeySim(const char *Cmd) { bytes_to_bytebits(raw, sizeof(raw), bs); lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return PM3_EMALLOC; + } payload->encoding = 1; payload->invert = 0; payload->separator = 0; diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index 440ef656a..04afdc32b 100644 --- a/client/src/cmdlft55xx.c +++ b/client/src/cmdlft55xx.c @@ -345,6 +345,14 @@ static void arg_add_t55xx_downloadlink(void *at[], uint8_t *idx, uint8_t show, u char *r2 = (char *)calloc(r_count, sizeof(uint8_t)); char *r3 = (char *)calloc(r_count, sizeof(uint8_t)); + if (r0 == NULL || r1 == NULL || r2 == NULL || r3 == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + free(r0); + free(r1); + free(r2); + free(r3); + return; + } snprintf(r0, r_len, "downlink - fixed bit length %s", (dl_mode_def == 0) ? "(detected def)" : ""); snprintf(r1, r_len, "downlink - long leading reference %s", (dl_mode_def == 1) ? "(detected def)" : ""); snprintf(r2, r_len, "downlink - leading zero %s", (dl_mode_def == 2) ? "(detected def)" : ""); @@ -358,6 +366,14 @@ static void arg_add_t55xx_downloadlink(void *at[], uint8_t *idx, uint8_t show, u if (show == T55XX_DLMODE_ALL) { char *r4 = (char *)calloc(r_count, sizeof(uint8_t)); + if (r4 == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + free(r0); + free(r1); + free(r2); + free(r3); + return; + } snprintf(r4, r_len, "try all downlink modes %s", (dl_mode_def == 4) ? "(def)" : ""); at[n++] = arg_lit0(NULL, "all", r4); } diff --git a/client/src/cmdlfviking.c b/client/src/cmdlfviking.c index ed77f39e0..6706dd361 100644 --- a/client/src/cmdlfviking.c +++ b/client/src/cmdlfviking.c @@ -218,6 +218,10 @@ static int CmdVikingSim(const char *Cmd) { num_to_bytebits(rawID, sizeof(bs), bs); lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return PM3_EMALLOC; + } payload->encoding = 1; payload->invert = 0; payload->separator = 0; diff --git a/client/src/cmdlfvisa2000.c b/client/src/cmdlfvisa2000.c index 46b6c5b2f..0cb29f446 100644 --- a/client/src/cmdlfvisa2000.c +++ b/client/src/cmdlfvisa2000.c @@ -276,6 +276,10 @@ static int CmdVisa2kSim(const char *Cmd) { num_to_bytebits(blocks[i], 32, bs + i * 32); lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return PM3_EMALLOC; + } payload->encoding = 1; payload->invert = 0; payload->separator = 1; diff --git a/client/src/cmdmain.c b/client/src/cmdmain.c index b738fe620..da5770e1f 100644 --- a/client/src/cmdmain.c +++ b/client/src/cmdmain.c @@ -59,6 +59,12 @@ static void AppendDate(char *s, size_t slen, const char *fmt) { #else ct = gmtime_r(&now, &tm_buf); #endif + if (ct == NULL) { + PrintAndLogEx(ERR, "gmtime failed"); + return; + } + + // If no format is specified, use ISO8601 if (fmt == NULL) strftime(s, slen, "%Y-%m-%dT%H:%M:%SZ", ct); // ISO8601 else diff --git a/client/src/cmdsmartcard.c b/client/src/cmdsmartcard.c index 005769083..e47d7f85a 100644 --- a/client/src/cmdsmartcard.c +++ b/client/src/cmdsmartcard.c @@ -364,6 +364,10 @@ static int smart_responseEx(uint8_t *out, int maxoutlen, bool verbose) { uint8_t cmd_getresp[] = {0x00, ISO7816_GET_RESPONSE, 0x00, 0x00, len}; smart_card_raw_t *payload = calloc(1, sizeof(smart_card_raw_t) + sizeof(cmd_getresp)); + if (payload == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + goto out; + } payload->flags = SC_RAW | SC_LOG; payload->len = sizeof(cmd_getresp); payload->wait_delay = 0; @@ -903,8 +907,10 @@ static int CmdSmartList(const char *Cmd) { static void smart_brute_prim(void) { uint8_t *buf = calloc(PM3_CMD_DATA_SIZE, sizeof(uint8_t)); - if (!buf) + if (buf == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); return; + } uint8_t get_card_data[] = { 0x80, 0xCA, 0x9F, 0x13, 0x00, @@ -918,6 +924,11 @@ static void smart_brute_prim(void) { for (int i = 0; i < ARRAYLEN(get_card_data); i += 5) { smart_card_raw_t *payload = calloc(1, sizeof(smart_card_raw_t) + 5); + if (payload == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + free(buf); + return; + } payload->flags = SC_RAW_T0; payload->len = 5; payload->wait_delay = 0; @@ -938,8 +949,10 @@ static void smart_brute_prim(void) { static int smart_brute_sfi(bool decodeTLV) { uint8_t *buf = calloc(PM3_CMD_DATA_SIZE, sizeof(uint8_t)); - if (buf == NULL) + if (buf == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); return 1; + } int len; // READ RECORD @@ -962,6 +975,11 @@ static int smart_brute_sfi(bool decodeTLV) { READ_RECORD[3] = (sfi << 3) | 4; smart_card_raw_t *payload = calloc(1, sizeof(smart_card_raw_t) + sizeof(READ_RECORD)); + if (payload == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + free(buf); + return 1; + } payload->flags = SC_RAW_T0; payload->len = sizeof(READ_RECORD); payload->wait_delay = 0; @@ -1007,13 +1025,20 @@ static int smart_brute_sfi(bool decodeTLV) { static void smart_brute_options(bool decodeTLV) { uint8_t *buf = calloc(PM3_CMD_DATA_SIZE, sizeof(uint8_t)); - if (!buf) + if (buf == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); return; + } // Get processing options command uint8_t GET_PROCESSING_OPTIONS[] = {0x80, 0xA8, 0x00, 0x00, 0x02, 0x83, 0x00, 0x00}; smart_card_raw_t *payload = calloc(1, sizeof(smart_card_raw_t) + sizeof(GET_PROCESSING_OPTIONS)); + if (payload == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + free(buf); + return; + } payload->flags = SC_RAW_T0; payload->len = sizeof(GET_PROCESSING_OPTIONS); memcpy(payload->data, GET_PROCESSING_OPTIONS, sizeof(GET_PROCESSING_OPTIONS)); @@ -1111,6 +1136,12 @@ static int CmdSmartBruteforceSFI(const char *Cmd) { size_t aidlen = strlen(aid); caid = calloc(8 + 2 + aidlen + 1, sizeof(uint8_t)); + if (caid == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + json_decref(root); + free(buf); + return PM3_EMALLOC; + } snprintf(caid, 8 + 2 + aidlen + 1, SELECT, aidlen >> 1, aid); int hexlen = 0; @@ -1120,6 +1151,12 @@ static int CmdSmartBruteforceSFI(const char *Cmd) { continue; smart_card_raw_t *payload = calloc(1, sizeof(smart_card_raw_t) + hexlen); + if (payload == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + json_decref(root); + free(buf); + return PM3_EMALLOC; + } payload->flags = SC_RAW_T0; payload->len = hexlen; payload->wait_delay = 0; @@ -1470,6 +1507,10 @@ int ExchangeAPDUSC(bool verbose, uint8_t *datain, int datainlen, bool activateCa *dataoutlen = 0; smart_card_raw_t *payload = calloc(1, sizeof(smart_card_raw_t) + datainlen); + if (payload == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + return PM3_EMALLOC; + } payload->flags = (SC_RAW_T0 | SC_LOG); if (activateCard) { payload->flags |= (SC_SELECT | SC_CONNECT); diff --git a/client/src/comms.c b/client/src/comms.c index 992436ba0..7c55cacd5 100644 --- a/client/src/comms.c +++ b/client/src/comms.c @@ -770,6 +770,12 @@ bool OpenProxmarkSilent(pm3_device_t **dev, const char *port, uint32_t speed) { fflush(stdout); if (*dev == NULL) { *dev = calloc(sizeof(pm3_device_t), sizeof(uint8_t)); + if (*dev == NULL) { + PrintAndLogEx(ERR, "Failed to allocate memory for pm3_device_t"); + uart_close(sp); + sp = NULL; + return false; + } } (*dev)->g_conn = &g_conn; // TODO g_conn shouldn't be global return true; @@ -827,7 +833,13 @@ bool OpenProxmark(pm3_device_t **dev, const char *port, bool wait_for_port, int fflush(stdout); if (*dev == NULL) { - *dev = calloc(sizeof(pm3_device_t), sizeof(uint8_t)); + *dev = calloc(1, sizeof(pm3_device_t)); + if (*dev == NULL) { + PrintAndLogEx(ERR, "Failed to allocate memory for pm3_device_t"); + uart_close(sp); + sp = NULL; + return false; + } } (*dev)->g_conn = &g_conn; // TODO g_conn shouldn't be global return true; diff --git a/client/src/emv/crypto_polarssl.c b/client/src/emv/crypto_polarssl.c index 00e484bf7..b3d42d11a 100644 --- a/client/src/emv/crypto_polarssl.c +++ b/client/src/emv/crypto_polarssl.c @@ -64,6 +64,9 @@ static struct crypto_hash *crypto_hash_polarssl_open(enum crypto_algo_hash hash) return NULL; struct crypto_hash_polarssl *ch = calloc(1, sizeof(*ch)); + if (ch == NULL) { + return NULL; + } mbedtls_sha1_starts(&(ch->ctx)); @@ -82,6 +85,9 @@ struct crypto_pk_polarssl { static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl) { struct crypto_pk_polarssl *cp = calloc(1, sizeof(*cp)); + if (cp == NULL) { + return NULL; + } memset(cp, 0x00, sizeof(*cp)); char *mod = va_arg(vl, char *); // N @@ -107,6 +113,9 @@ static struct crypto_pk *crypto_pk_polarssl_open_rsa(va_list vl) { static struct crypto_pk *crypto_pk_polarssl_open_priv_rsa(va_list vl) { struct crypto_pk_polarssl *cp = calloc(1, sizeof(*cp)); + if (cp == NULL) { + return NULL; + } memset(cp, 0x00, sizeof(*cp)); char *mod = va_arg(vl, char *); int modlen = va_arg(vl, size_t); @@ -167,6 +176,9 @@ static int myrand(void *rng_state, unsigned char *output, size_t len) { static struct crypto_pk *crypto_pk_polarssl_genkey_rsa(va_list vl) { struct crypto_pk_polarssl *cp = calloc(1, sizeof(*cp)); + if (cp == NULL) { + return NULL; + } memset(cp, 0x00, sizeof(*cp)); int transient = va_arg(vl, int); @@ -251,6 +263,10 @@ static unsigned char *crypto_pk_polarssl_get_parameter(const struct crypto_pk *_ case 0: *plen = mbedtls_mpi_size(&cp->ctx.N); result = calloc(1, *plen); + if (result == NULL) { + PrintAndLogEx(WARNING, "Error allocating memory for parameter"); + return 0; + } memset(result, 0x00, *plen); res = mbedtls_mpi_write_binary(&cp->ctx.N, result, *plen); if (res < 0) { @@ -263,6 +279,10 @@ static unsigned char *crypto_pk_polarssl_get_parameter(const struct crypto_pk *_ case 1: *plen = mbedtls_mpi_size(&cp->ctx.E); result = calloc(1, *plen); + if (result == NULL) { + PrintAndLogEx(WARNING, "Error allocating memory for parameter"); + return 0; + } memset(result, 0x00, *plen); res = mbedtls_mpi_write_binary(&cp->ctx.E, result, *plen); if (res < 0) { diff --git a/client/src/emv/dol.c b/client/src/emv/dol.c index dddefaf4a..edb4de628 100644 --- a/client/src/emv/dol.c +++ b/client/src/emv/dol.c @@ -55,6 +55,8 @@ struct tlv *dol_process(const struct tlv *tlv, const struct tlvdb *tlvdb, tlv_ta size_t res_len; if (!tlv || !(res_len = dol_calculate_len(tlv, 0))) { struct tlv *res_tlv = calloc(1, sizeof(*res_tlv)); + if (!res_tlv) + return NULL; res_tlv->tag = tag; res_tlv->len = 0; diff --git a/client/src/emv/emv_pk.c b/client/src/emv/emv_pk.c index 48a209fbb..19ccf1e4f 100644 --- a/client/src/emv/emv_pk.c +++ b/client/src/emv/emv_pk.c @@ -169,6 +169,9 @@ static ssize_t emv_pk_read_string(char *buf, size_t buflen, char *str, size_t si struct emv_pk *emv_pk_parse_pk(char *buf, size_t buflen) { struct emv_pk *r = calloc(1, sizeof(*r)); + if (r == NULL) { + return NULL; + } ssize_t l; char temp[10]; diff --git a/client/src/emv/emv_pki.c b/client/src/emv/emv_pki.c index 8f430e290..ed30917e0 100644 --- a/client/src/emv/emv_pki.c +++ b/client/src/emv/emv_pki.c @@ -346,6 +346,10 @@ unsigned char *emv_pki_sdatl_fill(const struct tlvdb *db, size_t *sdatl_len) { if (len) { *sdatl_len = len; unsigned char *value = calloc(1, len); + if (value == NULL) { + PrintAndLogEx(WARNING, "ERROR: Memory allocation failed"); + return NULL; + } memcpy(value, buf, len); return value; } diff --git a/client/src/emv/test/cda_test.c b/client/src/emv/test/cda_test.c index 22c865785..d4c470b69 100644 --- a/client/src/emv/test/cda_test.c +++ b/client/src/emv/test/cda_test.c @@ -245,6 +245,10 @@ static int cda_test_raw(bool verbose) { size_t iccpk_pk_len = iccpk_data[19]; unsigned char *iccpk_pk = calloc(1, iccpk_pk_len); + if (!iccpk_pk) { + free(iccpk_data); + return 1; + } memcpy(iccpk_pk, iccpk_data + 21, /*iccpk_data_len - 36*/iccpk_pk_len); /*memcpy(iccpk_pk + iccpk_data_len - 36, icc_rem, sizeof(icc_rem));*/ diff --git a/client/src/emv/test/dda_test.c b/client/src/emv/test/dda_test.c index 1adcdfec0..a5f4f61fc 100644 --- a/client/src/emv/test/dda_test.c +++ b/client/src/emv/test/dda_test.c @@ -233,6 +233,10 @@ static int dda_test_raw(bool verbose) { size_t iccpk_pk_len = iccpk_data[19]; unsigned char *iccpk_pk = calloc(1, iccpk_pk_len); + if (!iccpk_pk) { + free(iccpk_data); + return 1; + } memcpy(iccpk_pk, iccpk_data + 21, /*iccpk_data_len - 36*/iccpk_pk_len); /*memcpy(iccpk_pk + iccpk_data_len - 36, icc_rem, sizeof(icc_rem));*/ diff --git a/client/src/graph.c b/client/src/graph.c index bf5a042c0..394d3023e 100644 --- a/client/src/graph.c +++ b/client/src/graph.c @@ -471,6 +471,10 @@ bool fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, int *firstClockEdge) { void add_temporary_marker(uint32_t position, const char *label) { if (g_TempMarkerSize == 0) { //Initialize the marker array g_TempMarkers = (marker_t *)calloc(1, sizeof(marker_t)); + if (g_TempMarkers == NULL) { //Unable to allocate memory for the marker array + PrintAndLogEx(FAILED, "Unable to allocate memory for the temporary marker array!"); + return; + } } else { //add more space to the marker array using realloc() marker_t *temp = (marker_t *)realloc(g_TempMarkers, ((g_TempMarkerSize + 1) * sizeof(marker_t))); @@ -487,6 +491,10 @@ void add_temporary_marker(uint32_t position, const char *label) { g_TempMarkers[g_TempMarkerSize].pos = position; char *markerLabel = (char *)calloc(1, strlen(label) + 1); + if (markerLabel == NULL) { + PrintAndLogEx(FAILED, "Unable to allocate memory for marker label!"); + return; + } strcpy(markerLabel, label); if (strlen(markerLabel) > 30) { @@ -512,6 +520,11 @@ void remove_temporary_markers(void) { buffer_savestate_t save_buffer32(uint32_t *src, size_t length) { //calloc the memory needed uint32_t *savedBuffer = (uint32_t *)calloc(length, sizeof(uint32_t)); + if (savedBuffer == NULL) { + PrintAndLogEx(FAILED, "Unable to allocate memory for the buffer!"); + buffer_savestate_t bst = {0}; + return bst; + } //Make a copy of the source buffer memcpy(savedBuffer, src, (length * sizeof(uint32_t))); @@ -529,6 +542,11 @@ buffer_savestate_t save_buffer32(uint32_t *src, size_t length) { buffer_savestate_t save_bufferS32(int32_t *src, size_t length) { //calloc the memory needed uint32_t *savedBuffer = (uint32_t *)calloc(length, (sizeof(uint32_t))); + if (savedBuffer == NULL) { + PrintAndLogEx(FAILED, "Unable to allocate memory for the buffer!"); + buffer_savestate_t bst = {0}; + return bst; + } //Make a copy of the source buffer memcpy(savedBuffer, src, (length * sizeof(uint32_t))); @@ -558,6 +576,11 @@ buffer_savestate_t save_buffer8(uint8_t *src, size_t length) { // calloc the memory needed uint32_t *savedBuffer = (uint32_t *)calloc(buffSize, sizeof(uint32_t)); + if (savedBuffer == NULL) { + PrintAndLogEx(FAILED, "Unable to allocate memory for the buffer!"); + buffer_savestate_t bst = {0}; + return bst; + } size_t index = 0; // Pack the source array into the backing array diff --git a/client/src/loclass/cipher.c b/client/src/loclass/cipher.c index 733f6479a..93fb33bc7 100644 --- a/client/src/loclass/cipher.c +++ b/client/src/loclass/cipher.c @@ -262,6 +262,10 @@ void doMAC_N(uint8_t *address_data_p, uint8_t address_data_size, uint8_t *div_ke uint8_t *address_data; uint8_t div_key[8]; address_data = (uint8_t *) calloc(address_data_size, sizeof(uint8_t)); + if (address_data == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed\n"); + return; + } memcpy(address_data, address_data_p, address_data_size); memcpy(div_key, div_key_p, 8); diff --git a/client/src/loclass/cipherutils.c b/client/src/loclass/cipherutils.c index 9a55979ff..c5ca105a8 100644 --- a/client/src/loclass/cipherutils.c +++ b/client/src/loclass/cipherutils.c @@ -131,6 +131,10 @@ void printarr(const char *name, uint8_t *arr, int len) { int cx, i; size_t outsize = 40 + strlen(name) + len * 5; char *output = calloc(outsize, sizeof(char)); + if (output == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return; + } cx = snprintf(output, outsize, "uint8_t %s[] = {", name); for (i = 0; i < len; i++) { if (cx < outsize) diff --git a/client/src/loclass/elite_crack.c b/client/src/loclass/elite_crack.c index bcd1324ab..c2efaa313 100644 --- a/client/src/loclass/elite_crack.c +++ b/client/src/loclass/elite_crack.c @@ -366,6 +366,10 @@ static void *bf_thread(void *thread_arg) { if (memcmp(calculated_MAC, mac, 4) == 0) { loclass_thread_ret_t *r = (loclass_thread_ret_t *)calloc(sizeof(loclass_thread_ret_t), sizeof(uint8_t)); + if (r == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + pthread_exit(NULL); + } for (uint8_t i = 0 ; i < numbytes_to_recover; i++) { r->values[i] = keytable[bytes_to_recover[i]] & 0xFF; diff --git a/client/src/loclass/ikeys.c b/client/src/loclass/ikeys.c index 44b9234ee..d248d758f 100644 --- a/client/src/loclass/ikeys.c +++ b/client/src/loclass/ikeys.c @@ -550,6 +550,10 @@ void invert_hash0(uint8_t k[8]) { // Initialize an array of pointers to uint64_t (start with one value, initialized to 0) uint64_t *hydra_heads = (uint64_t *)calloc(sizeof(uint64_t), 1); // Start with one uint64_t + if (hydra_heads == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + return; + } hydra_heads[0] = 0; // Initialize first value to 0 int heads_count = 1; // Track number of forks diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c index 159e8a228..f730b90d4 100644 --- a/client/src/mifare/mifarehost.c +++ b/client/src/mifare/mifarehost.c @@ -1077,6 +1077,10 @@ int mf_eml_set_mem_xt(uint8_t *data, int blockNum, int blocksCount, int blockBtW size_t paylen = sizeof(struct p) + size; struct p *payload = calloc(1, paylen); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return PM3_EMALLOC; + } payload->blockno = blockNum; payload->blockcnt = blocksCount; diff --git a/client/src/nfc/ndef.c b/client/src/nfc/ndef.c index fba53ad3f..5c2115f3b 100644 --- a/client/src/nfc/ndef.c +++ b/client/src/nfc/ndef.c @@ -1080,6 +1080,10 @@ static int ndefDecodePayload(NDEFHeader_t *ndef, bool verbose) { } char *begin = calloc(ndef->TypeLen + 1, sizeof(char)); + if (begin == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return PM3_EMALLOC; + } memcpy(begin, ndef->Type, ndef->TypeLen); str_lower(begin); diff --git a/client/src/scripting.c b/client/src/scripting.c index 4bc86fe3d..251a0d915 100644 --- a/client/src/scripting.c +++ b/client/src/scripting.c @@ -1385,6 +1385,10 @@ static int setLuaPath(lua_State *L, const char *path) { const char *cur_path = lua_tostring(L, -1); // grab path string from top of stack int requiredLength = strlen(cur_path) + strlen(path) + 10; //A few bytes too many, whatever we can afford it char *buf = calloc(requiredLength, sizeof(char)); + if (buf == NULL) { + lua_pop(L, 1); // get rid of package table from top of stack + return returnToLuaWithError(L, "Failed to allocate memory"); + } snprintf(buf, requiredLength, "%s;%s", cur_path, path); lua_pop(L, 1); // get rid of the string on the stack we just pushed on line 5 lua_pushstring(L, buf); // push the new one diff --git a/tools/fpga_compress/fpga_compress.c b/tools/fpga_compress/fpga_compress.c index a24b035df..24bd2b35e 100644 --- a/tools/fpga_compress/fpga_compress.c +++ b/tools/fpga_compress/fpga_compress.c @@ -469,6 +469,12 @@ int main(int argc, char **argv) { uint8_t num_output_files = argc - 3; FILE **outfiles = calloc(num_output_files, sizeof(FILE *)); char **outfile_names = calloc(num_output_files, sizeof(char *)); + if (outfiles == NULL || outfile_names == NULL) { + fprintf(stderr, "Error. Cannot allocate memory for output files\n\n"); + free(outfiles); + free(outfile_names); + return (EXIT_FAILURE); + } for (uint8_t i = 0; i < num_output_files; i++) { outfile_names[i] = argv[i + 3]; outfiles[i] = fopen(outfile_names[i], "wb"); @@ -526,6 +532,12 @@ int main(int argc, char **argv) { FILE **infiles = calloc(num_input_files, sizeof(FILE *)); char **infile_names = calloc(num_input_files, sizeof(char *)); + if (infiles == NULL || infile_names == NULL) { + fprintf(stderr, "Error. Cannot allocate memory for input files\n\n"); + free(infile_names); + free(infiles); + return (EXIT_FAILURE); + } for (uint8_t i = 0; i < num_input_files; i++) { infile_names[i] = argv[i + (generate_version_file ? 2 : 1)]; infiles[i] = fopen(infile_names[i], "rb"); diff --git a/tools/mfc/card_reader/mf_nonce_brute.c b/tools/mfc/card_reader/mf_nonce_brute.c index b99486dd9..6504b29ab 100644 --- a/tools/mfc/card_reader/mf_nonce_brute.c +++ b/tools/mfc/card_reader/mf_nonce_brute.c @@ -737,6 +737,10 @@ int main(int argc, const char *argv[]) { printf("----------- " _CYAN_("Phase 1 pre-processing") " ------------------------\n"); printf("Testing default keys using NESTED authentication...\n"); struct thread_key_args *def = calloc(1, sizeof(struct thread_key_args)); + if (def == NULL) { + fprintf(stderr, "Memory allocation failed\n"); + exit(EXIT_FAILURE); + } def->thread = 0; def->idx = 0; def->uid = uid; @@ -758,6 +762,10 @@ int main(int argc, const char *argv[]) { // the rest of available threads to EV1 scenario for (int i = 0; i < thread_count; ++i) { struct thread_args *a = calloc(1, sizeof(struct thread_args)); + if (a == NULL) { + fprintf(stderr, "Memory allocation failed\n"); + exit(EXIT_FAILURE); + } a->xored = xored; a->thread = i; a->idx = i; @@ -780,6 +788,10 @@ int main(int argc, const char *argv[]) { // the rest of available threads to EV1 scenario for (int i = 0; i < thread_count; ++i) { struct thread_args *a = calloc(1, sizeof(struct thread_args)); + if (a == NULL) { + fprintf(stderr, "Memory allocation failed\n"); + exit(EXIT_FAILURE); + } a->xored = xored; a->thread = i; a->idx = i; @@ -823,6 +835,10 @@ int main(int argc, const char *argv[]) { // threads for (int i = 0; i < thread_count; ++i) { struct thread_key_args *b = calloc(1, sizeof(struct thread_key_args)); + if (b == NULL) { + fprintf(stderr, "Memory allocation failed\n"); + exit(EXIT_FAILURE); + } b->thread = i; b->idx = i; b->uid = uid; diff --git a/tools/mfc/card_reader/mf_trace_brute.c b/tools/mfc/card_reader/mf_trace_brute.c index 1a8ce84c8..3eff1bde6 100644 --- a/tools/mfc/card_reader/mf_trace_brute.c +++ b/tools/mfc/card_reader/mf_trace_brute.c @@ -290,6 +290,10 @@ int main(int argc, const char *argv[]) { // threads for (int i = 0; i < thread_count; ++i) { struct thread_args *a = calloc(1, sizeof(struct thread_args)); + if (a == NULL) { + fprintf(stderr, "Failed to allocate memory for thread arguments\n"); + exit(EXIT_FAILURE); + } a->thread = i; a->idx = i; a->uid = uid; diff --git a/tools/mfd_aes_brute/mfd_aes_brute.c b/tools/mfd_aes_brute/mfd_aes_brute.c index 53a984421..839c4bf61 100644 --- a/tools/mfd_aes_brute/mfd_aes_brute.c +++ b/tools/mfd_aes_brute/mfd_aes_brute.c @@ -277,6 +277,10 @@ int main(int argc, char *argv[]) { uint64_t stop_time = time(NULL); for (int i = 0; i < thread_count; ++i) { struct thread_args *a = calloc(1, sizeof(struct thread_args)); + if (a == NULL) { + fprintf(stderr, "Failed to allocate memory for thread arguments\n"); + exit(EXIT_FAILURE); + } a->thread = i; a->idx = i; a->starttime = start_time; diff --git a/tools/mfd_aes_brute/mfd_multi_brute.c b/tools/mfd_aes_brute/mfd_multi_brute.c index 4781d384a..9bd61c563 100644 --- a/tools/mfd_aes_brute/mfd_multi_brute.c +++ b/tools/mfd_aes_brute/mfd_multi_brute.c @@ -471,6 +471,10 @@ int main(int argc, char *argv[]) { uint64_t stop_time = time(NULL); for (int i = 0; i < thread_count; ++i) { struct thread_args *a = calloc(1, sizeof(struct thread_args)); + if (a == NULL) { + fprintf(stderr, "Failed to allocate memory for thread arguments\n"); + exit(EXIT_FAILURE); + } a->thread = i; a->idx = i; a->generator_idx = g_idx;