Merge pull request #311 from marshmellow42/master

a few coverity scan bug fixes
2025-08-19 04:49:38 -07:00 · 2017-06-07 22:31:52 +02:00 · 2017-06-07 22:31:52 +02:00 · 6b6aafabcf
commit 6b6aafabcf
parent 5dd5bfb268 2c51d4cfa6
6 changed files with 125 additions and 121 deletions
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -2418,8 +2418,8 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 	//Here, we collect UID,sector,keytype,NT,AR,NR,NT2,AR2,NR2
 	// This will be used in the reader-only attack.

-	//allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys
-	#define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
+	//allow collecting up to 7 sets of nonces to allow recovery of up to 7 keys
+	#define ATTACK_KEY_COUNT 7 // keep same as define in cmdhfmf.c -> readerAttack() (Cannot be more than 7)
 	nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius)
 	memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));

--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@ -656,10 +656,12 @@ int CmdHF14ACmdRaw(const char *cmd) {
 				sscanf(buf,"%x",&temp);
 				data[datalen]=(uint8_t)(temp & 0xff);
 				*buf=0;
-				if (++datalen>sizeof(data)){
+				if (datalen > sizeof(data)-1) {
 					if (crc)
 						PrintAndLog("Buffer is full, we can't add CRC to your data");
 					break;
+				} else {
+					datalen++;
 				}
 			}
 			continue;
@ -709,8 +711,8 @@ int CmdHF14ACmdRaw(const char *cmd) {
 		c.arg[0] |= ISO14A_TOPAZMODE;
 	}

-	// Max buffer is USB_CMD_DATA_SIZE
-    c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
+	// Max buffer is USB_CMD_DATA_SIZE (512)
+	c.arg[1] = (datalen & 0xFFFF) | ((uint32_t)numbits << 16);
 	memcpy(c.d.asBytes,data,datalen);

 	SendCommand(&c);
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@ -970,6 +970,7 @@ int CmdHF14AMfChk(const char *Cmd)
 		break;
 	default:
 		PrintAndLog("Key type must be A , B or ?");
+		free(keyBlock);
 		return 1;
 	};
 	
@ -1120,7 +1121,8 @@ int CmdHF14AMfChk(const char *Cmd)
 }

 void readerAttack(nonces_t ar_resp[], bool setEmulatorMem, bool doStandardAttack) {
-	#define ATTACK_KEY_COUNT 8 // keep same as define in iso14443a.c -> Mifare1ksim()
+	#define ATTACK_KEY_COUNT 7 // keep same as define in iso14443a.c -> Mifare1ksim()
+	                           // cannot be more than 7 or it will overrun c.d.asBytes(512)
 	uint64_t key = 0;
 	typedef struct {
 			uint64_t keyA;
--- a/client/cmdhfmfu.c
+++ b/client/cmdhfmfu.c
@ -1474,7 +1474,7 @@ int CmdHF14AMfucAuth(const char *Cmd){
 	//Change key to user defined one
 	if (cmdp == 'k' || cmdp == 'K'){
 		keyNo = param_get8(Cmd, 1);
-		if(keyNo > KEYS_3DES_COUNT) 
+		if(keyNo > KEYS_3DES_COUNT-1) 
 			errors = true;
 	}

--- a/client/cmdlfpresco.c
+++ b/client/cmdlfpresco.c
@ -68,8 +68,8 @@ int GetWiegandFromPresco(const char *Cmd, uint32_t *sitecode, uint32_t *usercode
 				*fullcode = param_get32ex(Cmd, cmdp+1, 0, 10);
 				cmdp+=2;
 				break;
-			case 'P':
-			case 'p':
+			case 'D':
+			case 'd':
 				//param get string int param_getstr(const char *line, int paramnum, char * str)
 				stringlen = param_getstr(Cmd, cmdp+1, id);
 				if (stringlen < 2) return -1;
@ -91,7 +91,7 @@ int GetWiegandFromPresco(const char *Cmd, uint32_t *sitecode, uint32_t *usercode
 	if(cmdp == 0) errors = 1;

 	//Validations
-	if(errors) return -1;
+	if(errors || (stringlen == 0 && !hex) ) return -1;

 	if (!hex) {
 		for (int index =0; index < strlen(id); ++index) {
--- a/client/proxguiqt.h
+++ b/client/proxguiqt.h
@ -128,7 +128,7 @@ public:
 	void run();
 private:
 	char *script_cmds_file = NULL;
-	bool usb_present = false;
+	bool usb_present;
 };

 #endif // PROXGUI_QT