From e7feadf32ce9f0993c3b9d933fb631c7451b17c3 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Wed, 27 May 2020 22:33:16 +0200
Subject: [PATCH] fix out of bound
---
 client/src/cmdhfmfdes.c | 25 ++++++++++++-------------
 client/src/cmdhfmfp.c | 5 ++---
 client/src/cmdhfmfu.c | 7 ++++---
 3 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index 5e9a49c26..b1de9109e 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@@ -1050,7 +1050,6 @@ static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t sign
 };
 uint8_t i;
- int res;
 bool is_valid = false;
 for (i = 0; i < ARRAYLEN(nxp_desfire_public_keys); i++) {
@@ -1059,12 +1058,12 @@ static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t sign
 uint8_t key[PUBLIC_DESFIRE_ECDA_KEYLEN];
 param_gethex_to_eol(nxp_desfire_public_keys[i].value, 0, key, PUBLIC_DESFIRE_ECDA_KEYLEN, &dl);
- res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, key, uid, 7, signature, signature_len, false);
+ int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, key, uid, 7, signature, signature_len, false);
 is_valid = (res == 0);
 if (is_valid)
 break;
 }
- if (is_valid == false) {
+ if (is_valid == false || i == ARRAYLEN(nxp_desfire_public_keys)) {
 PrintAndLogEx(SUCCESS, "Signature verification " _RED_("failed"));
 return PM3_ESOFT;
 }
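Review bot: The added disjunct `i == ARRAYLEN(nxp_desfire_public_keys)` in desfire_print_signature can never decide the branch on its own, because the loop only exits early through `break` when `is_valid` is true, so whenever `i` reaches the array length `is_valid` is already false. The same redundant test is added in plus_print_signature (cmdhfmfp.c) and ulev1_print_signature (cmdhfmfu.c). If its purpose is to show a static analyser that a later index with `i` stays in bounds (the uses of `i` after this check are outside the hunk, so this is inferred), state that next to the test, for example `// i < ARRAYLEN(...) from here on: the loop left through break on a matching key`. A cleaner alternative is to record the matching index in its own variable inside the loop, so the bound no longer depends on the loop counter surviving the loop.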
@@ -3982,21 +3981,21 @@ static int CmdHF14aDesChk(const char *Cmd) {
 // dictionary mode
 size_t endFilePosition = 0;
 if (dict_filenamelen) {
- uint32_t keycnt = 0;
- res = loadFileDICTIONARYEx((char *)dict_filename, deskeyList, sizeof(deskeyList), NULL, 8, &keycnt, 0, &endFilePosition, true);
- deskeyListLen = keycnt;
- if (endFilePosition)
+
+ res = loadFileDICTIONARYEx((char *)dict_filename, deskeyList, sizeof(deskeyList), NULL, 8, &deskeyListLen, 0, &endFilePosition, true);
+ if (res == PM3_SUCCESS && endFilePosition)
 PrintAndLogEx(SUCCESS, "First part of des dictionary successfully loaded.");
+
 endFilePosition = 0;
- res = loadFileDICTIONARYEx((char *)dict_filename, aeskeyList, sizeof(aeskeyList), NULL, 16, &keycnt, 0, &endFilePosition, true);
- aeskeyListLen = keycnt;
- if (endFilePosition)
+ res = loadFileDICTIONARYEx((char *)dict_filename, aeskeyList, sizeof(aeskeyList), NULL, 16, &aeskeyListLen, 0, &endFilePosition, true);
+ if (res == PM3_SUCCESS && endFilePosition)
 PrintAndLogEx(SUCCESS, "First part of aes dictionary successfully loaded.");
+
 endFilePosition = 0;
- res = loadFileDICTIONARYEx((char *)dict_filename, k3kkeyList, sizeof(k3kkeyList), NULL, 24, &keycnt, 0, &endFilePosition, true);
- k3kkeyListLen = keycnt;
- if (endFilePosition)
+ res = loadFileDICTIONARYEx((char *)dict_filename, k3kkeyList, sizeof(k3kkeyList), NULL, 24, &k3kkeyListLen, 0, &endFilePosition, true);
+ if (PM3_SUCCESS && endFilePosition)
 PrintAndLogEx(SUCCESS, "First part of k3kdes dictionary successfully loaded.");
+
 endFilePosition = 0;
 }
diff --git a/client/src/cmdhfmfp.c b/client/src/cmdhfmfp.c
index b3c8e5c22..12fbce4d7 100644
--- a/client/src/cmdhfmfp.c
+++ b/client/src/cmdhfmfp.c
@@ -168,7 +168,6 @@ static int plus_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature
 };
 uint8_t i;
- int res;
 bool is_valid = false;
 for (i = 0; i < ARRAYLEN(nxp_plus_public_keys); i++) {
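Review bot: In CmdHF14aDesChk (cmdhfmfdes.c) the third dictionary load tests `if (PM3_SUCCESS && endFilePosition)`, which never looks at `res`; the two loads above it use `res == PM3_SUCCESS`, so this looks like a dropped operand and should read `if (res == PM3_SUCCESS && endFilePosition)`. If PM3_SUCCESS is defined as 0 (its value is not visible here), the k3kdes message can never print as written. `res` is also consulted only for the message, so a failed load still falls through with whatever count the loader left in `deskeyListLen`, `aeskeyListLen` or `k3kkeyListLen`. Those variables are now passed by address where the removed code went through a `uint32_t keycnt`, so their declared type must match the loader's count parameter exactly; the declarations and the rest of the function are outside the hunk.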
@@ -177,7 +176,7 @@ static int plus_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature
 uint8_t key[PUBLIC_PLUS_ECDA_KEYLEN];
 param_gethex_to_eol(nxp_plus_public_keys[i].value, 0, key, PUBLIC_PLUS_ECDA_KEYLEN, &dl);
- res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, key, uid, uidlen, signature, signature_len, false);
+ int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, key, uid, uidlen, signature, signature_len, false);
 is_valid = (res == 0);
 if (is_valid)
 break;
@@ -186,7 +185,7 @@ static int plus_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature
 PrintAndLogEx(NORMAL, "");
 PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature"));
- if (is_valid == false) {
+ if (is_valid == false || i == ARRAYLEN(nxp_plus_public_keys)) {
 PrintAndLogEx(SUCCESS, "Signature verification " _RED_("failed"));
 return PM3_ESOFT;
 }
diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c
index b150d3435..b35a27e49 100644
--- a/client/src/cmdhfmfu.c
+++ b/client/src/cmdhfmfu.c
@@ -347,8 +347,7 @@ static int ul_select(iso14a_card_select_t *card) {
 ul_switch_on_field();
 PacketResponseNG resp;
- bool ans = false;
- ans = WaitForResponseTimeout(CMD_ACK, &resp, 1500);
+ bool ans = WaitForResponseTimeout(CMD_ACK, &resp, 1500);
 if (!ans || resp.oldarg[0] < 1) {
 PrintAndLogEx(WARNING, "iso14443a card select failed");
@@ -946,7 +945,7 @@ static int ulev1_print_signature(TagTypeUL_t tagtype, uint8_t *uid, uint8_t *sig
 }
 PrintAndLogEx(NORMAL, "");
- if (is_valid == false) {
+ if (is_valid == false || i == ARRAYLEN(nxp_mfu_public_keys)) {
 PrintAndLogEx(SUCCESS, "Signature verification " _RED_("failed"));
 return PM3_ESOFT;
 }
@@ -982,7 +981,9 @@ static int ntag_print_counter(void) {
 uint8_t counter[3] = {0, 0, 0};
 uint16_t len;
 len = ulev1_readTearing(0x02, tear, sizeof(tear));
+ (void)len;
 len = ulev1_readCounter(0x02, counter, sizeof(counter));
+ (void)len;
 PrintAndLogEx(INFO, " [02]: %s", sprint_hex(counter, 3));
 PrintAndLogEx(SUCCESS, " - %02X tearing (" _GREEN_("%s")")", tear[0], (tear[0] == 0xBD) ? "ok" : "failure");
 return len;
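Review bot: The two `(void)len;` lines in ntag_print_counter silence the unused-value warning without using the result: the return of `ulev1_readTearing` is overwritten by the next call, and `tear[0]` and `counter` are printed whether or not either read succeeded. Testing each result before printing would be better than discarding it, for example `if (len < 1) return PM3_ESOFT;` after each read; the helpers' failure value is not visible here, so confirm their convention first. `len` is a `uint16_t`, so if a helper reports failure with a negative code it would be stored as a large positive value and then returned from this `int` function as if it were a length. The declaration of `tear` and the start of the function are outside the hunk.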