FIX: ELOAD/ESAVE/CLOAD/CSAVE filename bufferoverflow, and filename generation if...
authoriceman1001 <iceman@iuse.se>
Sun, 24 May 2015 19:50:15 +0000 (21:50 +0200)
committericeman1001 <iceman@iuse.se>
Sun, 24 May 2015 19:50:15 +0000 (21:50 +0200)
Thanks @p-l-
ref: https://github.com/Proxmark/proxmark3/commit/0b14440dce5d879fed70afb455b1f7c56ee85b1e

client/cmdhfmf.c

index 676a8884c863f30ffbcae7d1a63adead2d1036f8..f486fc2540ba16377439530ac7ef03a1856abc4d 100644 (file)
@@ -1200,9 +1200,9 @@ int CmdHF14AMfELoad(const char *Cmd)
 \r
        len = param_getstr(Cmd,nameParamNo,filename);\r
        \r
-       if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;\r
+       if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;\r
 \r
-       fnameptr += len-4;\r
+       fnameptr += len;\r
 \r
        sprintf(fnameptr, ".eml"); \r
        \r
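Review bot: The clamp in CmdHF14AMfELoad still tests `len > FILE_PATH_SIZE`, so lengths from FILE_PATH_SIZE-3 up to FILE_PATH_SIZE are left unclamped and `sprintf(fnameptr, ".eml")` then writes its five bytes (four characters plus the NUL) beyond offset FILE_PATH_SIZE. Even the clamped value FILE_PATH_SIZE-4 puts the terminator at index FILE_PATH_SIZE, which is one past the end if `filename` is declared with FILE_PATH_SIZE bytes (the declaration is outside the hunk, so this needs confirming). Comparing against the same limit that is assigned would close the gap: `if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;`. The same condition appears in the CmdHF14AMfESave, CmdHF14AMfCLoad and CmdHF14AMfCSave hunks.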
@@ -1299,19 +1299,22 @@ int CmdHF14AMfESave(const char *Cmd)
 \r
        len = param_getstr(Cmd,nameParamNo,filename);\r
        \r
-       if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;\r
+       if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;\r
        \r
        // user supplied filename?\r
        if (len < 1) {\r
                // get filename (UID from memory)\r
                if (mfEmlGetMem(buf, 0, 1)) {\r
                        PrintAndLog("Can\'t get UID from block: %d", 0);\r
-                       sprintf(filename, "dump.eml"); \r
+                       len = sprintf(fnameptr, "dump"); \r
+                       fnameptr += len;\r
+               }\r
+               else {\r
+                       for (j = 0; j < 7; j++, fnameptr += 2)\r
+                               sprintf(fnameptr, "%02X", buf[j]); \r
                }\r
-               for (j = 0; j < 7; j++, fnameptr += 2)\r
-                       sprintf(fnameptr, "%02X", buf[j]); \r
        } else {\r
-               fnameptr += len-4;\r
+               fnameptr += len;\r
        }\r
 \r
        // add file extension\r
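Review bot: In CmdHF14AMfESave the length check runs only after `param_getstr(Cmd,nameParamNo,filename)` has already copied the argument into `filename`, so the clamp limits where the extension is appended but cannot prevent an over-long name from overrunning the buffer during the copy. This holds unless param_getstr bounds its own write, which cannot be told from this diff because its definition is not shown. CmdHF14AMfELoad has the same order, whereas the CLoad and CSave hunks clamp `len` before their `memcpy`. Checking the argument length before the copy, or giving param_getstr the destination size, would make the bound effective; the function body continues past the end of this hunk.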
@@ -1572,10 +1575,10 @@ int CmdHF14AMfCLoad(const char *Cmd)
                return 0;\r
        } else {\r
                len = strlen(Cmd);\r
-               if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;\r
+               if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;\r
 \r
                memcpy(filename, Cmd, len);\r
-               fnameptr += len-4;\r
+               fnameptr += len;\r
 \r
                sprintf(fnameptr, ".eml"); \r
        \r
@@ -1742,16 +1745,18 @@ int CmdHF14AMfCSave(const char *Cmd) {
                return 0;\r
        } else {\r
                len = strlen(Cmd);\r
-               if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;\r
+               if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;\r
        \r
                if (len < 1) {\r
                        // get filename\r
                        if (mfCGetBlock(0, buf, CSETBLOCK_SINGLE_OPER)) {\r
                                PrintAndLog("Cant get block: %d", 0);\r
-                               return 1;\r
+                               len = sprintf(fnameptr, "dump");\r
+                               fnameptr += len;\r
+                       } else {\r
+                               for (j = 0; j < 7; j++, fnameptr += 2)\r
+                                       sprintf(fnameptr, "%02x", buf[j]); \r
                        }\r
-                       for (j = 0; j < 7; j++, fnameptr += 2)\r
-                               sprintf(fnameptr, "%02x", buf[j]); \r
                } else {\r
                        memcpy(filename, Cmd, len);\r
                        fnameptr += len;\r
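Review bot: When `mfCGetBlock` fails, CmdHF14AMfCSave no longer returns 1 but carries on with the fixed name `dump`, and the log line does not say so. The user gets no hint that a default file name is being used, and an earlier file of that name may be replaced. The message could state the fallback, for example `PrintAndLog("Cant get block: %d, using default filename", 0);`. The rest of the function is outside the hunk, so it is worth confirming that the later card reads handle the same failure cleanly, since the early exit that used to guard them is gone. The CmdHF14AMfESave hunk introduces the same fallback.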