]> git.zerfleddert.de Git - proxmark3-svn/commitdiff
projects / proxmark3-svn / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c2ca504)
coverity scan bug fixes
authormarshmellow42 <marshmellowrf@gmail.com>
Tue, 6 Jun 2017 16:12:18 +0000 (12:12 -0400)
committermarshmellow42 <marshmellowrf@gmail.com>
Tue, 6 Jun 2017 16:12:18 +0000 (12:12 -0400)
mfu keyNo buffer overflow
mf reader attack key count reduced to not overrun c.d.asBytes buffer.

armsrc/iso14443a.c patch | blob | blame | history
client/cmdhfmf.c patch | blob | blame | history
client/cmdhfmfu.c patch | blob | blame | history

diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index b18a2fe60265c0ef5a4750a2c873c0bb8d7f3002..d648beee338f293b08c45bc9db62d2bf5f019d75 100644 (file)
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -2418,8 +2418,8 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
        //Here, we collect UID,sector,keytype,NT,AR,NR,NT2,AR2,NR2
        // This will be used in the reader-only attack.
 
-       //allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys
-       #define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
+       //allow collecting up to 7 sets of nonces to allow recovery of up to 7 keys
+       #define ATTACK_KEY_COUNT 7 // keep same as define in cmdhfmf.c -> readerAttack() (Cannot be more than 7)
        nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius)
        memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
 
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 5b4a0b2a401a48ead9d8e7375c3211047a40061b..28198876991a750885e0993c0be76464af9a1e18 100644 (file)
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -1120,7 +1120,8 @@ int CmdHF14AMfChk(const char *Cmd)
 }\r
 \r
 void readerAttack(nonces_t ar_resp[], bool setEmulatorMem, bool doStandardAttack) {\r
-       #define ATTACK_KEY_COUNT 8 // keep same as define in iso14443a.c -> Mifare1ksim()\r
+       #define ATTACK_KEY_COUNT 7 // keep same as define in iso14443a.c -> Mifare1ksim()\r
+                                  // cannot be more than 7 or it will overrun c.d.asBytes(512)\r
        uint64_t key = 0;\r
        typedef struct {\r
                        uint64_t keyA;\r
diff --git a/client/cmdhfmfu.c b/client/cmdhfmfu.c
index ed8c588d3e4750a9c3edf0aee508799a665324d5..815022501bc97b227d0b48a32400659dd2cf5e81 100644 (file)
--- a/client/cmdhfmfu.c
+++ b/client/cmdhfmfu.c
@@ -1474,7 +1474,7 @@ int CmdHF14AMfucAuth(const char *Cmd){
        //Change key to user defined one
        if (cmdp == 'k' || cmdp == 'K'){
                keyNo = param_get8(Cmd, 1);
-               if(keyNo > KEYS_3DES_COUNT) 
+               if(keyNo > KEYS_3DES_COUNT-1
                        errors = true;
        }
 
Proxmark3 GIT tracking
Impressum, Datenschutz