X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/41dab153055c6bdbbea436b01e7fcf87354c435a..46cd40465a32be6ec9059aa8673ef9d84adb9517:/client/cmdhflegic.c diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c index 5ff60a3a..e9333ef9 100644 --- a/client/cmdhflegic.c +++ b/client/cmdhflegic.c @@ -33,7 +33,6 @@ int CmdHelp(const char *Cmd) * Output BigBuf and deobfuscate LEGIC RF tag data. * This is based on information given in the talk held * by Henryk Ploetz and Karsten Nohl at 26c3 - * FIXME: will crash if sample buffer does not contain valid legic data */ int CmdLegicDecode(const char *Cmd) { @@ -162,7 +161,7 @@ int CmdLegicDecode(const char *Cmd) if (wrc>0) { PrintAndLog("WRC protected area:"); - for (k=0, j=0; k < wrc; k++, i++, j += 3) { + for (k=0, j=0; k < wrc && j<(sizeof(out_string)-3); k++, i++, j += 3) { sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); out_string[j+2] = ' '; }; @@ -175,7 +174,7 @@ int CmdLegicDecode(const char *Cmd) if (wrp>wrc) { PrintAndLog("Remaining write protected area:"); - for (k=0, j=0; k < (wrp-wrc); k++, i++, j += 3) { + for (k=0, j=0; k < (wrp-wrc) && j<(sizeof(out_string)-3); k++, i++, j += 3) { sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); out_string[j+2] = ' '; }; @@ -190,7 +189,7 @@ int CmdLegicDecode(const char *Cmd) } PrintAndLog("Remaining segment payload:"); - for (k=0, j=0; k < (segment_len - wrp - 5); k++, i++, j += 3) { + for (k=0, j=0; k < (segment_len - wrp - 5) && j<(sizeof(out_string)-3); k++, i++, j += 3) { sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); out_string[j+2] = ' '; }; @@ -210,8 +209,8 @@ int CmdLegicRFRead(const char *Cmd) { int byte_count=0,offset=0; sscanf(Cmd, "%i %i", &offset, &byte_count); - if(byte_count == 0) byte_count = 256; - if(byte_count + offset > 256) byte_count = 256 - offset; + if(byte_count == 0) byte_count = -1; + if(byte_count + offset > 1024) byte_count = 1024 - offset; UsbCommand c={CMD_READER_LEGIC_RF, {offset, byte_count, 0}}; SendCommand(&c); return 0;