From c37ca881e6d6068dc0d0283ebd310b5b71d641d0 Mon Sep 17 00:00:00 2001
From: Philippe Teuwen
Date: Mon, 24 Mar 2025 11:17:40 +0100
Subject: [PATCH] a few calloc checks, still many to go
---
 armsrc/frozen.c | 5 ++++-
 client/deps/hardnested/hardnested_tables.c | 4 ++++
 client/src/cmdcrc.c | 8 ++++++++
 client/src/cmdflashmem.c | 4 ++++
 client/src/cmdhf15.c | 9 +++++++++
 client/src/cmdhffudan.c | 4 ++++
 client/src/cmdhflegic.c | 22 ++++++++++++++++++++++
 client/src/cmdhfmfp.c | 4 ++++
 client/src/cmdhfmfu.c | 4 ++++
 client/src/cmdhfntag424.c | 4 ++++
 client/src/cmdhftopaz.c | 4 ++++
 client/src/cmdlfawid.c | 13 +++++++++++++
 12 files changed, 84 insertions(+), 1 deletion(-)
diff --git a/armsrc/frozen.c b/armsrc/frozen.c
index 43e5852e4..874e81988 100644
--- a/armsrc/frozen.c
+++ b/armsrc/frozen.c
@@ -1360,7 +1360,7 @@ int json_prettify(const char *s, int len, struct json_out *out) {
 int json_prettify_file(const char *file_name) WEAK;
 int json_prettify_file(const char *file_name) {
 int res = -1;
- char *s = json_fread(file_name);
+ const char *s = json_fread(file_name);
 FILE *fp;
 if (s != NULL && (fp = fopen(file_name, "wb")) != NULL) {
 struct json_out out = JSON_OUT_FILE(fp);
@@ -1369,6 +1369,9 @@ int json_prettify_file(const char *file_name) {
 /* On error, restore the old content */
 fclose(fp);
 fp = fopen(file_name, "wb");
+ if (fp == NULL) {
+ return -1;
+ }
 fseek(fp, 0, SEEK_SET);
 fwrite(s, 1, strlen(s), fp);
 } else {
diff --git a/client/deps/hardnested/hardnested_tables.c b/client/deps/hardnested/hardnested_tables.c
index aade0c0cd..7931c5f50 100644
--- a/client/deps/hardnested/hardnested_tables.c
+++ b/client/deps/hardnested/hardnested_tables.c
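Review bot: In armsrc/frozen.c the new `return -1;` in the restore path of `json_prettify_file` exits without releasing `s`, so if `json_fread` returns a heap buffer that is freed at the end of the function (outside the hunk), this path leaks it. Releasing it first, e.g. `free((void *) s); return -1;`, would keep the error path symmetrical, assuming that ownership holds. The cast is needed because the first hunk makes `s` a `const char *`, and any existing `free(s)` further down would now discard the qualifier. By the time this check runs the file has already been truncated by the earlier `fopen(file_name, "wb")`, so a comment such as `/* original content is lost if the reopen fails */` would document what -1 means here.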
@@ -203,6 +203,10 @@ static void write_bitflips_file(odd_even_t odd_even, uint16_t bitflip, int sum_a char filename[80]; snprintf(filename, sizeof(filename), "bitflip_%d_%03" PRIx16 "_sum%d_states.bin", odd_even, bitflip, sum_a0); FILE *outfile = fopen(filename, "wb"); + if (outfile == NULL) { + perror("Error opening file"); + exit(4); + } fwrite(&count, 1, sizeof(count), outfile); fwrite(bitset, 1, sizeof(uint32_t) * (1 << 19), outfile); fclose(outfile); diff --git a/client/src/cmdcrc.c b/client/src/cmdcrc.c index 8d8969584..63d9d9ddd 100644 --- a/client/src/cmdcrc.c +++ b/client/src/cmdcrc.c @@ -56,6 +56,10 @@ static int split(char *str, char *arr[MAX_ARGS]) { } int len = endIndex - beginIndex; char *tmp = calloc(len + 1, sizeof(char)); + if (tmp == NULL) { + PrintAndLogEx(WARNING, "Memory allocation failed"); + return wordCnt; + } memcpy(tmp, &str[beginIndex], len); arr[wordCnt++] = tmp; beginIndex = endIndex; @@ -428,6 +432,10 @@ static int CmdrevengTestC(const char *Cmd) { //returns a calloced string (needs to be freed) static char *SwapEndianStr(const char *inStr, const size_t len, const uint8_t blockSize) { char *tmp = calloc(len + 1, sizeof(char)); + if (tmp == NULL) { + PrintAndLogEx(WARNING, "Memory allocation failed"); + return NULL; + } for (uint8_t block = 0; block < (uint8_t)(len / blockSize); block++) { for (size_t i = 0; i < blockSize; i += 2) { tmp[i + (blockSize * block)] = inStr[(blockSize - 1 - i - 1) + (blockSize * block)]; diff --git a/client/src/cmdflashmem.c b/client/src/cmdflashmem.c index 33b821eca..97596850d 100644 --- a/client/src/cmdflashmem.c +++ b/client/src/cmdflashmem.c @@ -619,6 +619,10 @@ static int CmdFlashMemInfo(const char *Cmd) { } else { rsa = (mbedtls_rsa_context *)calloc(1, sizeof(mbedtls_rsa_context)); + if (rsa == NULL) { + PrintAndLogEx(FAILED, "failed to allocate rsa context memory"); + return PM3_EMALLOC; + } mbedtls_rsa_init(rsa, MBEDTLS_RSA_PKCS_V15, 0); rsa->len = RRG_RSA_KEY_LEN; 
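Review bot: In hardnested_tables.c the two `fwrite` calls and the `fclose` that follow the new `fopen` check in `write_bitflips_file` are still unchecked, so a short write (full disk, I/O error) leaves a truncated `bitflip_*_states.bin` that looks like a valid table. Since the function already exits on open failure, the writes can be treated the same way, e.g. `if (fwrite(&count, 1, sizeof(count), outfile) != sizeof(count)) { perror("Error writing file"); exit(4); }` and likewise for `bitset`. Adding `filename` to the error output would also tell the user which of the generated files failed. The start of the function is outside the hunk.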
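Review bot: In client/src/cmdcrc.c `split` now returns the current `wordCnt` when `calloc` fails, which makes a truncated argument list look like a complete one; the caller, outside this hunk, has no way to tell that the remaining words were dropped. If callers can handle it, free the entries already stored in `arr` and return a distinct error value instead; otherwise document the behaviour with a comment such as `// on allocation failure the words parsed so far are returned`. Across this commit the same condition is logged with three wordings and three levels (`WARNING`, `FAILED`, `ERR`); a single message and level would make failures easier to search for.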
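Review bot: `SwapEndianStr` in client/src/cmdcrc.c can now return NULL, but the comment above it still only says the result must be freed, and its callers are outside this hunk. The comment should become `// returns a calloced string (needs to be freed), or NULL on allocation failure`, and each caller needs a NULL check before using the result. Separately from the allocation, the loop bound `(uint8_t)(len / blockSize)` in the context lines divides by `blockSize` with no zero check and truncates the block count to 8 bits, which a guard such as `if (blockSize == 0) return NULL;` at the top would partly address.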
diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c index 961607e9c..e2d1030a2 100644 --- a/client/src/cmdhf15.c +++ b/client/src/cmdhf15.c @@ -1199,6 +1199,10 @@ static int hf15EmlSetMem(const uint8_t *data, uint16_t count, size_t offset) { size_t paylen = sizeof(struct p) + count; struct p *payload = calloc(1, paylen); + if (payload == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + return PM3_EMALLOC; + } payload->offset = offset; payload->count = count; @@ -2733,6 +2737,11 @@ static int CmdHF15Restore(const char *Cmd) { size_t bytes = 0; uint16_t i = 0; uint8_t *data = calloc(tag->bytesPerPage, sizeof(uint8_t)); + if (data == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + free(tag); + return PM3_EMALLOC; + } uint32_t tried; while (bytes < (tag->pagesCount * tag->bytesPerPage)) { diff --git a/client/src/cmdhffudan.c b/client/src/cmdhffudan.c index 4a8e59bcc..23b364bf7 100644 --- a/client/src/cmdhffudan.c +++ b/client/src/cmdhffudan.c @@ -71,6 +71,10 @@ static char *GenerateFilename(iso14a_card_select_t *card, const char *prefix, co return NULL; } char *fptr = calloc(sizeof(char) * (strlen(prefix) + strlen(suffix)) + sizeof(card->uid) * 2 + 1, sizeof(uint8_t)); + if (fptr == NULL) { + PrintAndLogEx(FAILED, "Memory allocation failed"); + return NULL; + } strcpy(fptr, prefix); FillFileNameByUID(fptr, card->uid, suffix, card->uidlen); return fptr; diff --git a/client/src/cmdhflegic.c b/client/src/cmdhflegic.c index 907d53ab5..9a273f7ef 100644 --- a/client/src/cmdhflegic.c +++ b/client/src/cmdhflegic.c @@ -642,6 +642,10 @@ static int CmdLegicWrbl(const char *Cmd) { PrintAndLogEx(SUCCESS, "Writing to tag to offset %i", offset); legic_packet_t *payload = calloc(1, sizeof(legic_packet_t) + dlen); + if (payload == NULL) { + PrintAndLogEx(WARNING, "Cannot allocate memory"); + return PM3_EMALLOC; + } payload->offset = (offset & 0xFFFF); payload->iv = (IV & 0x7F); payload->len = dlen; 
@@ -719,6 +723,10 @@ int legic_read_mem(uint32_t offset, uint32_t len, uint32_t iv, uint8_t *out, uin legic_chk_iv(&iv); legic_packet_t *payload = calloc(1, sizeof(legic_packet_t)); + if (payload == NULL) { + PrintAndLogEx(WARNING, "Cannot allocate memory"); + return PM3_EMALLOC; + } payload->offset = (offset & 0xFFFF); payload->iv = iv; payload->len = len; @@ -817,6 +825,10 @@ void legic_seteml(uint8_t *src, uint32_t offset, uint32_t numofbytes) { } legic_packet_t *payload = calloc(1, sizeof(legic_packet_t) + len); + if (payload == NULL) { + PrintAndLogEx(WARNING, "Cannot allocate memory"); + return; + } payload->offset = i; payload->len = len; memcpy(payload->data, src + i, len); @@ -1027,6 +1039,11 @@ static int CmdLegicRestore(const char *Cmd) { } legic_packet_t *payload = calloc(1, sizeof(legic_packet_t) + len); + if (payload == NULL) { + PrintAndLogEx(WARNING, "Cannot allocate memory"); + free(dump); + return PM3_EMALLOC; + } payload->offset = i; payload->iv = 0x55; payload->len = len; @@ -1360,6 +1377,11 @@ static int CmdLegicWipe(const char *Cmd) { } legic_packet_t *payload = calloc(1, sizeof(legic_packet_t) + len); + if (payload == NULL) { + PrintAndLogEx(WARNING, "Cannot allocate memory"); + free(data); + return PM3_EMALLOC; + } payload->offset = i; payload->iv = 0x55; payload->len = len; diff --git a/client/src/cmdhfmfp.c b/client/src/cmdhfmfp.c index d407cfe9a..7893860f9 100644 --- a/client/src/cmdhfmfp.c +++ b/client/src/cmdhfmfp.c @@ -1675,6 +1675,10 @@ static int CmdHFMFPChk(const char *Cmd) { } char *fptr = calloc(sizeof(char) * (strlen("hf-mfp-") + strlen("-key")) + card.uidlen * 2 + 1, sizeof(uint8_t)); + if (fptr == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return PM3_EMALLOC; + } strcpy(fptr, "hf-mfp-"); FillFileNameByUID(fptr, card.uid, "-key", card.uidlen); diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index 2591912f1..fad468193 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c 
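Review bot: `legic_seteml` in client/src/cmdhflegic.c returns `void`, so the bare `return` added on allocation failure ends the upload with no signal to the caller. The `payload->offset = i` assignment suggests this runs inside a chunking loop whose start is outside the hunk; if so, the emulator memory is left as a mix of old and new data. At minimum the message should say how far the transfer got, for example "Cannot allocate memory, emulator memory written only up to offset ..." with a format specifier matching the type of `i`. Returning a status code would be cleaner but changes the function's interface, so it belongs in a follow-up.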
@@ -1572,6 +1572,10 @@ static char *mfu_generate_filename(const char *prefix, const char *suffix) { } char *fptr = calloc(sizeof(char) * (strlen(prefix) + strlen(suffix)) + sizeof(card.uid) * 2 + 1, sizeof(uint8_t)); + if (fptr == NULL) { + PrintAndLogEx(FAILED, "Memory allocation failed"); + return NULL; + } strcpy(fptr, prefix); FillFileNameByUID(fptr, card.uid, suffix, card.uidlen); return fptr; diff --git a/client/src/cmdhfntag424.c b/client/src/cmdhfntag424.c index ec7aeb8a2..372dd027d 100644 --- a/client/src/cmdhfntag424.c +++ b/client/src/cmdhfntag424.c @@ -290,6 +290,10 @@ static void ntag424_calc_mac(const ntag424_session_keys_t *session_keys, uint8_t int mac_input_len = sizeof(mac_input_header) + datalen; uint8_t *mac_input = (uint8_t *)calloc(mac_input_len, sizeof(uint8_t)); + if (mac_input == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return; + } memcpy(mac_input, mac_input_header, sizeof(mac_input_header)); memcpy(&mac_input[sizeof(mac_input_header)], data, datalen); uint8_t mac[16] = {0}; diff --git a/client/src/cmdhftopaz.c b/client/src/cmdhftopaz.c index 3646014db..f191ce160 100644 --- a/client/src/cmdhftopaz.c +++ b/client/src/cmdhftopaz.c @@ -547,6 +547,10 @@ static void topaz_print_control_TLVs(uint8_t *memory) { old = old->next; } new = old->next = (dynamic_lock_area_t *) calloc(sizeof(dynamic_lock_area_t), sizeof(uint8_t)); + if (new == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed"); + return; + } } new->next = NULL; diff --git a/client/src/cmdlfawid.c b/client/src/cmdlfawid.c index 716da0310..8f2acc151 100644 --- a/client/src/cmdlfawid.c +++ b/client/src/cmdlfawid.c @@ -59,6 +59,10 @@ static int sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, uin } lf_fsksim_t *payload = calloc(1, sizeof(lf_fsksim_t) + bs_len); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed."); + return PM3_EMALLOC; + } payload->fchigh = 10; payload->fclow = 8; payload->separator = 1; 
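Review bot: `ntag424_calc_mac` in client/src/cmdhfntag424.c returns `void`, so after the new early `return` the caller continues with whatever its MAC output buffer already held. For a MAC routine this matters for security: a stale or zero-filled value could be sent or compared as if it had just been computed. The signature is cut off in the hunk header, so the output parameter is not visible here; the safer shape is to return an `int` status (`PM3_EMALLOC` on failure, as the other hunks in this commit do) and have callers abort the exchange. `mac_input_len` is also declared `int` although it holds `sizeof(mac_input_header) + datalen`; `size_t` would avoid the signed conversion when it is passed to `calloc`.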
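Review bot: The new check in `topaz_print_control_TLVs` (client/src/cmdhftopaz.c) covers only the append branch shown in the hunk; the branch just above it, which presumably creates the first list element, is not visible and needs the same check if it allocates the same way. The early `return` leaves the list consistent, since `old->next` stays NULL, but it silently stops processing the remaining TLVs, which the message could state. As a style point, `calloc(sizeof(dynamic_lock_area_t), sizeof(uint8_t))` has count and size in the unconventional order; `calloc(1, sizeof(*new))` reads more clearly and needs no cast.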
@@ -404,6 +408,11 @@ static int CmdAWIDClone(const char *Cmd) { uint8_t *bits = calloc(96, sizeof(uint8_t)); + if (bits == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed."); + return PM3_EMALLOC; + } + if (getAWIDBits(fmtlen, fc, cn, bits) != PM3_SUCCESS) { PrintAndLogEx(ERR, "Error with tag bitstream generation."); free(bits); @@ -479,6 +488,10 @@ static int CmdAWIDSim(const char *Cmd) { // arg2 --- Inversion and clk setting // 96 --- Bitstream length: 96-bits == 12 bytes lf_fsksim_t *payload = calloc(1, sizeof(lf_fsksim_t) + sizeof(bs)); + if (payload == NULL) { + PrintAndLogEx(ERR, "Memory allocation failed."); + return PM3_EMALLOC; + } payload->fchigh = 10; payload->fclow = 8; payload->separator = 1;