From 3128f56dcaae81692126a683874cdaf6447bf37e Mon Sep 17 00:00:00 2001
From: merlokk
Date: Tue, 21 Nov 2017 00:38:46 +0200
Subject: [PATCH] added maxdataoutlen to 14a apdu
---
 client/cmdhf14a.c | 10 ++++++++--
 client/cmdhf14a.h | 2 +-
 client/emv/emvcore.c | 6 +++---
 3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c
index 4b3975b3..749f0611 100644
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -648,7 +648,7 @@ void DropField() {
 SendCommand(&c);
 }
-int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int *dataoutlen) {
+int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) {
 uint16_t cmdc = 0;
 if (activateField) {
@@ -686,6 +686,12 @@ int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool lea
 *dataoutlen = iLen - 2;
 if (*dataoutlen < 0) *dataoutlen = 0;
+
+ if (maxdataoutlen && *dataoutlen > maxdataoutlen) {
+ PrintAndLog("APDU ERROR: Buffer too small(%d). Needs %d bytes", *dataoutlen, maxdataoutlen);
+ return 2;
+ }
+
 memcpy(dataout, recv, *dataoutlen);
 if(!iLen) {
@@ -779,7 +785,7 @@ int CmdHF14AAPDU(const char *cmd) {
 PrintAndLog(">>>>[%s%s%s] %s", activateField ? "sel ": "", leaveSignalON ? "keep ": "", decodeTLV ? "TLV": "", sprint_hex(data, datalen));
- int res = ExchangeAPDU14a(data, datalen, activateField, leaveSignalON, data, &datalen);
+ int res = ExchangeAPDU14a(data, datalen, activateField, leaveSignalON, data, USB_CMD_DATA_SIZE, &datalen);
 if (res) return res;
diff --git a/client/cmdhf14a.h b/client/cmdhf14a.h
index 6f6df907..401cead0 100644
--- a/client/cmdhf14a.h
+++ b/client/cmdhf14a.h
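Review bot: In the new maxdataoutlen check the PrintAndLog arguments are swapped relative to the message text: the `%d` after "Buffer too small" receives *dataoutlen (the length that was needed) and "Needs %d bytes" receives maxdataoutlen (the buffer size), so the log should read `PrintAndLog("APDU ERROR: Buffer too small(%d). Needs %d bytes", maxdataoutlen, *dataoutlen);`. On that `return 2` path *dataoutlen still holds the oversized length, and the emvcore.c callers below log `sprint_hex(Result, *ResultLen)` before looking at the return code, so add `*dataoutlen = 0;` before `return 2;` to keep a caller that ignores the status from reading past its buffer. Passing maxdataoutlen == 0 silently disables the bound check; that contract is not written down anywhere, so the prototype in cmdhf14a.h deserves a comment such as `/* maxdataoutlen: capacity of dataout; 0 disables the bound check (caller's risk). Returns 2 if the response would not fit. */`. ExchangeAPDU14a's body continues outside the hunk.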
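Review bot: The bound passed in CmdHF14AAPDU, USB_CMD_DATA_SIZE, is only a correct capacity if `data` really is an array of that many bytes; its declaration is outside the hunk, so that cannot be confirmed here. If `data` is a local array, `sizeof(data)` ties the limit to the actual buffer and cannot drift when the declaration changes; if it is a pointer, the true capacity should be passed explicitly. Note that `data` serves as both input and output buffer on this call, which relies on ExchangeAPDU14a copying into dataout only from its own receive buffer after the request has been sent. CmdHF14AAPDU starts and ends outside the hunk.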
@@ -31,6 +31,6 @@ int CmdHF14ASnoop(const char *Cmd);
 char* getTagInfo(uint8_t uid);
 extern void DropField();
-extern int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int *dataoutlen);
+extern int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
 #endif
diff --git a/client/emv/emvcore.c b/client/emv/emvcore.c
index 7481af4f..5c737b05 100644
--- a/client/emv/emvcore.c
+++ b/client/emv/emvcore.c
@@ -157,7 +157,7 @@ int EMVSelect(bool ActivateField, bool LeaveFieldON, uint8_t *AID, size_t AIDLen
 if (APDULogging) PrintAndLog(">>>> %s", sprint_hex(data, AIDLen + 6));
- int res = ExchangeAPDU14a(data, AIDLen + 6, ActivateField, LeaveFieldON, Result, (int *)ResultLen);
+ int res = ExchangeAPDU14a(data, AIDLen + 6, ActivateField, LeaveFieldON, Result, (int)MaxResultLen, (int *)ResultLen);
 if (APDULogging) PrintAndLog("<<<< %s", sprint_hex(Result, *ResultLen));
@@ -381,7 +381,7 @@ int EMVGPO(bool LeaveFieldON, uint8_t *PDOL, size_t PDOLLen, uint8_t *Result, si
 if (APDULogging) PrintAndLog(">>>> %s", sprint_hex(data, PDOLLen + 5));
- int res = ExchangeAPDU14a(data, PDOLLen + 5, false, LeaveFieldON, Result, (int *)ResultLen);
+ int res = ExchangeAPDU14a(data, PDOLLen + 5, false, LeaveFieldON, Result, (int)MaxResultLen, (int *)ResultLen);
 if (APDULogging) PrintAndLog("<<<< %s", sprint_hex(Result, *ResultLen));
@@ -431,7 +431,7 @@ int EMVReadRecord(bool LeaveFieldON, uint8_t SFI, uint8_t SFIrec, uint8_t *Resul
 if (APDULogging) PrintAndLog(">>>> %s", sprint_hex(data, 5));
- int res = ExchangeAPDU14a(data, 5, false, LeaveFieldON, Result, (int *)ResultLen);
+ int res = ExchangeAPDU14a(data, 5, false, LeaveFieldON, Result, (int)MaxResultLen, (int *)ResultLen);
 if (APDULogging) PrintAndLog("<<<< %s", sprint_hex(Result, *ResultLen));
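Review bot: The `(int *)ResultLen` cast kept on the rewritten call line in EMVSelect (and likewise in the EMVGPO and EMVReadRecord hunks) stores an int through a pointer that, judging by the size_t parameters visible in the truncated hunk headers, appears to point to a size_t; if so, on a 64-bit build only the low four bytes are written and the access also violates strict aliasing. Use an int temporary instead: `int len = 0;` / `int res = ExchangeAPDU14a(data, AIDLen + 6, ActivateField, LeaveFieldON, Result, (int)MaxResultLen, &len);` / `*ResultLen = (size_t)len;`. The very next context line logs `sprint_hex(Result, *ResultLen)` before res is examined, so an error return that leaves the length unset or larger than MaxResultLen is read as a valid length; checking res first, or clamping the length to MaxResultLen, would close that. The enclosing functions start and end outside the hunks.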