From fbed3796911dd20e9bb5b29d464156814bfc7917 Mon Sep 17 00:00:00 2001 From: Doridian Date: Fri, 10 Jun 2022 13:02:23 -0700 Subject: [PATCH] snprintf in some commands --- client/src/cmddata.c | 35 ++++++++++++--------- client/src/cmdhf14a.c | 6 ++-- client/src/cmdhf14b.c | 62 ++++++++++++++------------------------ client/src/cmdhf15.c | 12 ++++---- client/src/cmdhfcryptorf.c | 6 ++-- client/src/cmdhfemrtd.c | 18 ++++++----- client/src/cmdhfepa.c | 4 ++- 7 files changed, 67 insertions(+), 76 deletions(-) diff --git a/client/src/cmddata.c b/client/src/cmddata.c index b4fc71744..ad7879650 100644 --- a/client/src/cmddata.c +++ b/client/src/cmddata.c @@ -1967,11 +1967,11 @@ int CmdTuneSamples(const char *Cmd) { memset(judgement, 0, sizeof(judgement)); // LF evaluation if (package->peak_v < LF_UNUSABLE_V) - sprintf(judgement, _RED_("UNUSABLE")); + snprintf(judgement, sizeof(judgement), _RED_("UNUSABLE")); else if (package->peak_v < LF_MARGINAL_V) - sprintf(judgement, _YELLOW_("MARGINAL")); + snprintf(judgement, sizeof(judgement), _YELLOW_("MARGINAL")); else - sprintf(judgement, _GREEN_("OK")); + snprintf(judgement, sizeof(judgement), _GREEN_("OK")); PrintAndLogEx((package->peak_v < LF_UNUSABLE_V) ? WARNING : SUCCESS, "LF antenna is %s", judgement); @@ -1988,11 +1988,11 @@ int CmdTuneSamples(const char *Cmd) { PrintAndLogEx(SUCCESS, "Approx. Q factor (*): %.1lf by peak voltage measurement", hfq); } if (package->v_hf < HF_UNUSABLE_V) - sprintf(judgement, _RED_("UNUSABLE")); + snprintf(judgement, sizeof(judgement), _RED_("UNUSABLE")); else if (package->v_hf < HF_MARGINAL_V) - sprintf(judgement, _YELLOW_("MARGINAL")); + snprintf(judgement, sizeof(judgement), _YELLOW_("MARGINAL")); else - sprintf(judgement, _GREEN_("OK")); + snprintf(judgement, sizeof(judgement), _GREEN_("OK")); PrintAndLogEx((package->v_hf < HF_UNUSABLE_V) ? WARNING : SUCCESS, "HF antenna is %s", judgement); PrintAndLogEx(NORMAL, "\n(*) Q factor must be measured without tag on the antenna"); 
@@ -3094,23 +3094,28 @@ static int CmdDiff(const char *Cmd) { char ca = inA[j]; char cb = inB[j]; + int dlnALen = strlen(dlnA); + int dlnBLen = strlen(dlnB); + int dlnAiiLen = strlen(dlnAii); + int dlnBiiLen = strlen(dlnBii); + if (inA[j] != inB[j]) { // diff / add colors - sprintf(dlnA + strlen(dlnA), _GREEN_("%02X "), inA[j]); - sprintf(dlnB + strlen(dlnB), _RED_("%02X "), inB[j]); - sprintf(dlnAii + strlen(dlnAii), _GREEN_("%c"), ((ca < 32) || (ca == 127)) ? '.' : ca); - sprintf(dlnBii + strlen(dlnBii), _RED_("%c"), ((cb < 32) || (cb == 127)) ? '.' : cb); + snprintf(dlnA + dlnALen, sizeof(dlnA) - dlnALen, _GREEN_("%02X "), inA[j]); + snprintf(dlnB + dlnBLen, sizeof(dlnB) - dlnBLen, _RED_("%02X "), inB[j]); + snprintf(dlnAii + dlnAiiLen, sizeof(dlnAii) - dlnAiiLen, _GREEN_("%c"), ((ca < 32) || (ca == 127)) ? '.' : ca); + snprintf(dlnBii + dlnBiiLen, sizeof(dlnBii) - dlnBiiLen, _RED_("%c"), ((cb < 32) || (cb == 127)) ? '.' : cb); } else { // normal - sprintf(dlnA + strlen(dlnA), "%02X ", inA[j]); - sprintf(dlnB + strlen(dlnB), "%02X ", inB[j]); - sprintf(dlnAii + strlen(dlnAii), "%c", ((ca < 32) || (ca == 127)) ? '.' : ca); - sprintf(dlnBii + strlen(dlnBii), "%c", ((cb < 32) || (cb == 127)) ? '.' : cb); + snprintf(dlnA + dlnALen, sizeof(dlnA) - dlnALen, "%02X ", inA[j]); + snprintf(dlnB + dlnBLen, sizeof(dlnB) - dlnBLen, "%02X ", inB[j]); + snprintf(dlnAii + dlnAiiLen, sizeof(dlnAii) - dlnAiiLen, "%c", ((ca < 32) || (ca == 127)) ? '.' : ca); + snprintf(dlnBii + dlnBiiLen, sizeof(dlnBii) - dlnBiiLen, "%c", ((cb < 32) || (cb == 127)) ? '.' : cb); } } - sprintf(line, "%s%s | %s%s", dlnA, dlnAii, dlnB, dlnBii); + snprintf(line, sizeof(line), "%s%s | %s%s", dlnA, dlnAii, dlnB, dlnBii); } PrintAndLogEx(INFO, "%03X | %s", i, line); } diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index 0a9f3d22c..0df6ad56f 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c 
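Review bot: In CmdDiff the four new length variables are `int` holding a `strlen` result, and every `snprintf` return value is discarded, so a line that no longer fits is cut silently. With the `_GREEN_`/`_RED_` variants a cut can land inside the colour sequence or before its reset, which would leave the terminal coloured and the two columns misaligned. I would declare them as `size_t dlnALen = strlen(dlnA);` and stop appending once `snprintf` returns a value `>=` the remaining size. `sizeof(dlnA)` is only the right bound if `dlnA` and its siblings are arrays declared in this function; their declarations are outside the hunk.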
@@ -634,7 +634,8 @@ static int CmdHF14ACUIDs(const char *Cmd) { } else { char uid_string[20]; for (uint16_t m = 0; m < card->uidlen; m++) { - sprintf(&uid_string[2 * m], "%02X", card->uid[m]); + int offset = 2 * m; + snprintf(uid_string + offset, sizeof(uid_string) - offset, "%02X", card->uid[m]); } PrintAndLogEx(SUCCESS, "%s", uid_string); } @@ -1377,7 +1378,8 @@ static int waitCmd(bool i_select, uint32_t timeout, bool verbose) { bool crc = check_crc(CRC_14443_A, data, len); char s[16]; - sprintf(s, + snprintf(s, + sizeof(s), (crc) ? _GREEN_("%02X %02X") : _RED_("%02X %02X"), data[len - 2], data[len - 1] diff --git a/client/src/cmdhf14b.c b/client/src/cmdhf14b.c index a096aac54..d981727b4 100644 --- a/client/src/cmdhf14b.c +++ b/client/src/cmdhf14b.c 
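Review bot: In CmdHF14ACUIDs the bound `sizeof(uid_string) - offset` is evaluated in unsigned arithmetic, so once `offset` exceeds `sizeof(uid_string)` it wraps to a huge value and the call is effectively unbounded again; nothing in the hunk limits `card->uidlen` to what `char uid_string[20]` can hold. A 10-byte UID needs 21 bytes including the terminator, so it now loses its last digit, and with `uidlen == 0` the uninitialised array is printed as it is. I would size the buffer for the largest UID plus one, zero-initialise it (`char uid_string[...] = {0};`), and guard the loop with `if ((size_t)offset + 3 > sizeof(uid_string)) break;`. The function body continues outside the hunk.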
@@ -494,48 +494,31 @@ static int print_atqb_resp(uint8_t *data, uint8_t cid) { } // get SRx chip model (from UID) // from ST Microelectronics -static char *get_st_chip_model(uint8_t data) { - static char model[20]; - char *retStr = model; - memset(model, 0, sizeof(model)); - +static const char *get_st_chip_model(uint8_t data) { switch (data) { case 0x0: - sprintf(retStr, "SRIX4K (Special)"); - break; + return "SRIX4K (Special)"; case 0x2: - sprintf(retStr, "SR176"); - break; + return "SR176"; case 0x3: - sprintf(retStr, "SRIX4K"); - break; + return "SRIX4K"; case 0x4: - sprintf(retStr, "SRIX512"); - break; + return "SRIX512"; case 0x6: - sprintf(retStr, "SRI512"); - break; + return "SRI512"; case 0x7: - sprintf(retStr, "SRI4K"); - break; + return "SRI4K"; case 0xC: - sprintf(retStr, "SRT512"); - break; + return "SRT512"; default : - sprintf(retStr, "Unknown"); - break; + return "Unknown"; } - return retStr; } -static char *get_st_lock_info(uint8_t model, const uint8_t *lockbytes, uint8_t blk) { - - static char str[16]; - char *s = str; - sprintf(s, " "); - +#define ST_LOCK_INFO_EMPTY " " +static const char *get_st_lock_info(uint8_t model, const uint8_t *lockbytes, uint8_t blk) { if (blk > 15) { - return s; + return ST_LOCK_INFO_EMPTY; } uint8_t mask = 0; @@ -571,12 +554,12 @@ static char *get_st_lock_info(uint8_t model, const uint8_t *lockbytes, uint8_t b mask = 0x80; break; default: - return s; + return ST_LOCK_INFO_EMPTY; } if ((lockbytes[1] & mask) == 0) { - sprintf(s, _RED_("1")); + return _RED_("1"); } - return s; + return ST_LOCK_INFO_EMPTY; } case 0x4: // SRIX512 case 0x6: // SRI512 @@ -642,9 +625,9 @@ static char *get_st_lock_info(uint8_t model, const uint8_t *lockbytes, uint8_t b break; } if ((lockbytes[b] & mask) == 0) { - sprintf(s, _RED_("1")); + return _RED_("1"); } - return s; + return ST_LOCK_INFO_EMPTY; } case 0x2: { // SR176 //need data[2] 
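Review bot: get_st_chip_model and get_st_lock_info now return pointers to string literals instead of a static scratch buffer, but neither function says so, and `ST_LOCK_INFO_EMPTY` is defined without a word on why an empty cell is a blank rather than "". A one-line comment above each function would do, e.g. `// returns a string literal with static storage; callers must not modify or free it`, plus `// placeholder printed when the block is not locked` on the `#define`. The later get_st_lock_info hunks rely on the same contract. Callers that stored the result in a plain `char *` will now need `const char *`; those call sites are outside the diff.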
@@ -684,14 +667,14 @@ static char *get_st_lock_info(uint8_t model, const uint8_t *lockbytes, uint8_t b } // iceman: this is opposite! need sample to test with. if ((lockbytes[0] & mask)) { - sprintf(s, _RED_("1")); + return _RED_("1"); } - return s; + return ST_LOCK_INFO_EMPTY; } default: break; } - return s; + return ST_LOCK_INFO_EMPTY; } static uint8_t get_st_chipid(const uint8_t *uid) { @@ -1258,7 +1241,7 @@ static int CmdHF14BWriteSri(const char *Cmd) { char str[36]; memset(str, 0x00, sizeof(str)); - sprintf(str, "--sr -c --data %02x%02x%02x%02x%02x%02x", ISO14443B_WRITE_BLK, blockno, data[0], data[1], data[2], data[3]); + snprintf(str, sizeof(str), "--sr -c --data %02x%02x%02x%02x%02x%02x", ISO14443B_WRITE_BLK, blockno, data[0], data[1], data[2], data[3]); return CmdHF14BCmdRaw(str); } @@ -1439,8 +1422,7 @@ static int CmdHF14BDump(const char *Cmd) { // save to file if (fnlen < 1) { PrintAndLogEx(INFO, "using UID as filename"); - char *fptr = filename; - fptr += sprintf(fptr, "hf-14b-"); + char *fptr = filename + snprintf(filename, sizeof(filename), "hf-14b-"); FillFileNameByUID(fptr, SwapEndian64(card.uid, card.uidlen, 8), "-dump", card.uidlen); } diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c index 5ac00a837..d780056a6 100644 --- a/client/src/cmdhf15.c +++ b/client/src/cmdhf15.c @@ -1406,9 +1406,9 @@ static int CmdHF15Dump(const char *Cmd) { for (int i = 0; i < blocknum; i++) { char lck[16] = {0}; if (mem[i].lock) { - sprintf(lck, _RED_("%d"), mem[i].lock); + snprintf(lck, sizeof(lck), _RED_("%d"), mem[i].lock); } else { - sprintf(lck, "%d", mem[i].lock); + snprintf(lck, sizeof(lck), "%d", mem[i].lock); } PrintAndLogEx(INFO, "%3d/0x%02X | %s | %s | %s" , i 
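Review bot: In CmdHF14BDump only the fixed prefix is bounded; `FillFileNameByUID(fptr, ...)` still receives no remaining size, so the part of the write that depends on `card.uidlen` is as unbounded as before, as far as this hunk shows. `filename + snprintf(...)` also uses the return value as a byte count, while snprintf returns the untruncated length (or a negative value on error), so `fptr` can end up outside `filename`. I would keep it in a variable, `int n = snprintf(filename, sizeof(filename), "hf-14b-");`, bail out on `n < 0 || (size_t)n >= sizeof(filename)`, and pass `sizeof(filename) - n` down to the helper. The same pattern appears in CmdHFCryptoRFDump and CmdHFCryptoRFESave in cmdhfcryptorf.c; FillFileNameByUID itself is defined outside the diff.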
@@ -1624,9 +1624,9 @@ static int CmdHF15Readmulti(const char *Cmd) { for (int i = start; i < stop; i += 5) { char lck[16] = {0}; if (data[i]) { - sprintf(lck, _RED_("%d"), data[i]); + snprintf(lck, sizeof(lck), _RED_("%d"), data[i]); } else { - sprintf(lck, "%d", data[i]); + snprintf(lck, sizeof(lck), "%d", data[i]); } PrintAndLogEx(INFO, "%3d/0x%02X | %s | %s | %s", currblock, currblock, sprint_hex(data + i + 1, 4), lck, sprint_ascii(data + i + 1, 4)); currblock++; @@ -1746,9 +1746,9 @@ static int CmdHF15Readblock(const char *Cmd) { // print response char lck[16] = {0}; if (data[1]) { - sprintf(lck, _RED_("%d"), data[1]); + snprintf(lck, sizeof(lck), _RED_("%d"), data[1]); } else { - sprintf(lck, "%d", data[1]); + snprintf(lck, sizeof(lck), "%d", data[1]); } PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, " #%3d |lck| ascii", block); diff --git a/client/src/cmdhfcryptorf.c b/client/src/cmdhfcryptorf.c index db17c75c0..552c25590 100644 --- a/client/src/cmdhfcryptorf.c +++ b/client/src/cmdhfcryptorf.c @@ -410,8 +410,7 @@ static int CmdHFCryptoRFDump(const char *Cmd) { if (fnlen < 1) { PrintAndLogEx(INFO, "Using UID as filename"); - char *fptr = filename; - fptr += sprintf(fptr, "hf-cryptorf-"); + char *fptr = filename + snprintf(filename, sizeof(filename), "hf-cryptorf-"); FillFileNameByUID(fptr, card.uid, "-dump", card.uidlen); } @@ -524,8 +523,7 @@ static int CmdHFCryptoRFESave(const char *Cmd) { // user supplied filename? if (fnlen < 1) { PrintAndLogEx(INFO, "Using UID as filename"); - char *fptr = filename; - fptr += sprintf(fptr, "hf-cryptorf-"); + char *fptr = filename + snprintf(filename, sizeof(filename), "hf-cryptorf-"); FillFileNameByUID(fptr, data, "-dump", 4); } diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c index 99ab68e5a..44c116b16 100644 --- a/client/src/cmdhfemrtd.c +++ b/client/src/cmdhfemrtd.c 
@@ -887,7 +887,7 @@ static bool emrtd_do_bac(char *documentnumber, char *dob, char *expiry, uint8_t char expirycd = emrtd_calculate_check_digit(expiry); char kmrz[25]; - sprintf(kmrz, "%s%i%s%i%s%i", documentnumber, documentnumbercd, dob, dobcd, expiry, expirycd); + snprintf(kmrz, sizeof(kmrz), "%s%i%s%i%s%i", documentnumber, documentnumbercd, dob, dobcd, expiry, expirycd); PrintAndLogEx(DEBUG, "kmrz.............. " _GREEN_("%s"), kmrz); uint8_t kseed[20] = { 0x00 }; @@ -1281,16 +1281,16 @@ static void emrtd_print_issuance(char *data, bool ascii) { static void emrtd_print_personalization_timestamp(uint8_t *data) { char str_date[0x0F] = { 0x00 }; - strcpy(str_date, sprint_hex_inrow(data, 0x07)); + strncpy(str_date, sprint_hex_inrow(data, 0x07), sizeof(str_date) - 1); char final_date[20] = { 0x00 }; - sprintf(final_date, "%.4s-%.2s-%.2s %.2s:%.2s:%.2s", str_date, str_date + 4, str_date + 6, str_date + 8, str_date + 10, str_date + 12); + snprintf(final_date, sizeof(final_date), "%.4s-%.2s-%.2s %.2s:%.2s:%.2s", str_date, str_date + 4, str_date + 6, str_date + 8, str_date + 10, str_date + 12); PrintAndLogEx(SUCCESS, "Personalization at....: " _YELLOW_("%s"), final_date); } static void emrtd_print_unknown_timestamp_5f85(uint8_t *data) { char final_date[20] = { 0x00 }; - sprintf(final_date, "%.4s-%.2s-%.2s %.2s:%.2s:%.2s", data, data + 4, data + 6, data + 8, data + 10, data + 12); + snprintf(final_date, sizeof(final_date), "%.4s-%.2s-%.2s %.2s:%.2s:%.2s", data, data + 4, data + 6, data + 8, data + 10, data + 12); PrintAndLogEx(SUCCESS, "Unknown timestamp 5F85: " _YELLOW_("%s"), final_date); PrintAndLogEx(HINT, "This is very likely the personalization timestamp, but it is using an undocumented tag."); 
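Review bot: In emrtd_do_bac a `documentnumber`, `dob` or `expiry` longer than expected is now truncated into `kmrz[25]` without any signal, and the shortened string is then used to derive the key seed, so authentication fails later with no hint at the cause. The snprintf result should be checked where it is produced: `int n = snprintf(kmrz, sizeof(kmrz), ...);` followed by `if (n < 0 || (size_t)n >= sizeof(kmrz)) return false;`, ideally with an error message naming the over-long field. The rest of the function is outside the hunk.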
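Review bot: emrtd_print_unknown_timestamp_5f85 formats `data` with `%.4s`/`%.2s` although it is a `uint8_t *` with no length parameter, so up to 14 bytes are read from a buffer whose size the function cannot check, and whatever bytes are there go to the terminal unfiltered. If these bytes come from the document, as the function name suggests, I would pass the length in, require at least 14 bytes, and verify each is a digit (`isdigit((unsigned char)data[i])`) before formatting. In emrtd_print_personalization_timestamp the `strncpy(..., sizeof(str_date) - 1)` is terminated only because `str_date` is zero-initialised; `snprintf(str_date, sizeof(str_date), "%s", ...)` would match the rest of the commit and not depend on that.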
@@ -1433,11 +1433,12 @@ static int emrtd_print_ef_dg2_info(uint8_t *data, size_t datalen) { bool is_jpg = (data[offset] == 0xFF); - char *fn = calloc(strlen(dg_table[EF_DG2].filename) + 4 + 1, sizeof(uint8_t)); + size_t fn_len = strlen(dg_table[EF_DG2].filename) + 4 + 1; + char *fn = calloc(fn_len, sizeof(uint8_t)); if (fn == NULL) return PM3_EMALLOC; - sprintf(fn, "%s.%s", dg_table[EF_DG2].filename, (is_jpg) ? "jpg" : "jp2"); + snprintf(fn, fn_len * sizeof(uint8_t), "%s.%s", dg_table[EF_DG2].filename, (is_jpg) ? "jpg" : "jp2"); PrintAndLogEx(DEBUG, "image filename `" _YELLOW_("%s") "`", fn); @@ -1492,11 +1493,12 @@ static int emrtd_print_ef_dg5_info(uint8_t *data, size_t datalen) { bool is_jpg = (data[offset] == 0xFF); - char *fn = calloc(strlen(dg_table[EF_DG5].filename) + 4 + 1, sizeof(uint8_t)); + size_t fn_len = strlen(dg_table[EF_DG5].filename) + 4 + 1; + char *fn = calloc(fn_len, sizeof(uint8_t)); if (fn == NULL) return PM3_EMALLOC; - sprintf(fn, "%s.%s", dg_table[EF_DG5].filename, (is_jpg) ? "jpg" : "jp2"); + snprintf(fn, fn_len * sizeof(uint8_t), "%s.%s", dg_table[EF_DG5].filename, (is_jpg) ? "jpg" : "jp2"); PrintAndLogEx(DEBUG, "image filename `" _YELLOW_("%s") "`", fn); diff --git a/client/src/cmdhfepa.c b/client/src/cmdhfepa.c index 4f230ea04..c676cc2f5 100644 --- a/client/src/cmdhfepa.c +++ b/client/src/cmdhfepa.c 
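Review bot: The filename construction in emrtd_print_ef_dg2_info is repeated line for line in the emrtd_print_ef_dg5_info hunk, and the `+ 4 + 1` that sizes the buffer is unexplained. At minimum I would add `// 4 = strlen(".jpg") or strlen(".jp2"), 1 = terminating NUL` next to `fn_len`; a small static helper taking the base filename and `is_jpg` would remove the duplication. `fn_len * sizeof(uint8_t)` is just `fn_len` and reads more clearly as such. Where `fn` is freed is outside both hunks.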
@@ -81,9 +81,11 @@ static int CmdHFEPACollectPACENonces(const char *Cmd) { PrintAndLogEx(FAILED, "Error in step %" PRId64 ", Return code: %" PRId64, resp.oldarg[0], resp.oldarg[1]); } else { size_t nonce_length = resp.oldarg[1]; + size_t nonce_length_bytes = 2 * nonce_length + 1; char *nonce = (char *) calloc(2 * nonce_length + 1, sizeof(uint8_t)); for (int j = 0; j < nonce_length; j++) { - sprintf(nonce + (2 * j), "%02X", resp.data.asBytes[j]); + int nonce_offset = 2 * j; + snprintf(nonce + nonce_offset, (nonce_length_bytes * sizeof(uint8_t)) - nonce_offset, "%02X", resp.data.asBytes[j]); } // print nonce PrintAndLogEx(SUCCESS, "Length: %zu, Nonce: %s", nonce_length, nonce);
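Review bot: In CmdHFEPACollectPACENonces `nonce_length` is taken straight from `resp.oldarg[1]` and then used both to size the allocation and to index `resp.data.asBytes[j]`, with no upper bound and no NULL check on the `calloc` result, so a large value reported by the device reads past the response buffer or writes through a null pointer. I would reject the response when `nonce_length` exceeds the size of `resp.data.asBytes` (assuming it is an array) and add `if (nonce == NULL) return PM3_EMALLOC;` after the allocation. The new `nonce_length_bytes` should also be what is passed to `calloc`, and `j` should be `size_t` to avoid the signed/unsigned comparison. The surrounding loop and cleanup are outside the hunk.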