From 90e278d3daf11b501043d7ae628a25aeb0227420 Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Mon, 27 Oct 2014 21:46:04 +0100 Subject: [PATCH] Fixed several issues found using a coverity-scan --- client/cmddata.c | 2 +- client/cmdhf15.c | 3 ++- client/cmdhficlass.c | 4 ++-- client/cmdhfmf.c | 26 ++++++++++++++------------ client/cmdlfem4x.c | 2 +- client/cmdlfhitag.c | 1 + client/cmdmain.c | 3 ++- client/mifarehost.c | 2 +- client/nonce2key/crapto1.c | 6 ++++++ 9 files changed, 30 insertions(+), 19 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index fa54d01a..7d9ec1b7 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -556,7 +556,7 @@ int CmdManchesterDemod(const char *Cmd) /* But it does not work if compiling on WIndows: therefore we just allocate a */ /* large array */ - uint8_t BitStream[MAX_GRAPH_TRACE_LEN]; + uint8_t BitStream[MAX_GRAPH_TRACE_LEN] = {0}; /* Detect high and lows */ for (i = 0; i < GraphTraceLen; i++) diff --git a/client/cmdhf15.c b/client/cmdhf15.c index cc61d289..2239e9e4 100644 --- a/client/cmdhf15.c +++ b/client/cmdhf15.c @@ -535,7 +535,8 @@ int CmdHF15CmdRaw (const char *cmd) { */ int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdlen) { int temp; - uint8_t *req=c->d.asBytes, uid[8]; + uint8_t *req=c->d.asBytes; + uint8_t uid[8] = {0}; uint32_t reqlen=0; // strip diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 7156b118..d9af9044 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -502,6 +502,8 @@ int CmdHFiClassReader_Dump(const char *Cmd) SendCommand(&c); UsbCommand resp; + uint8_t key_sel[8] = {0}; + uint8_t key_sel_p[8] = { 0 }; if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) { uint8_t isOK = resp.arg[0] & 0xff; @@ -520,8 +522,6 @@ int CmdHFiClassReader_Dump(const char *Cmd) { if(elite) { - uint8_t key_sel[8] = {0}; - uint8_t key_sel_p[8] = { 0 }; //Get the key index (hash1) uint8_t key_index[8] = {0}; diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index b66aa3a6..4b591f0f 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1004,6 +1004,16 @@ int CmdHF14AMfNested(const char *Cmd) int CmdHF14AMfChk(const char *Cmd) { + if (strlen(Cmd)<3) { + PrintAndLog("Usage: hf mf chk |<*card memory> [t] [] []"); + PrintAndLog(" * - all sectors"); + PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, - 1K"); + PrintAndLog("d - write keys to binary file\n"); + PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic"); + PrintAndLog(" hf mf chk *1 ? t"); + return 0; + } + FILE * f; char filename[256]={0}; char buf[13]; @@ -1021,6 +1031,7 @@ int CmdHF14AMfChk(const char *Cmd) int transferToEml = 0; int createDumpFile = 0; + keyBlock = calloc(stKeyBlock, 6); if (keyBlock == NULL) return 1; @@ -1047,15 +1058,6 @@ int CmdHF14AMfChk(const char *Cmd) num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6)); } - if (strlen(Cmd)<3) { - PrintAndLog("Usage: hf mf chk |<*card memory> [t] [] []"); - PrintAndLog(" * - all sectors"); - PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, - 1K"); - PrintAndLog("d - write keys to binary file\n"); - PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic"); - PrintAndLog(" hf mf chk *1 ? t"); - return 0; - } if (param_getchar(Cmd, 0)=='*') { blockNo = 3; @@ -1144,11 +1146,11 @@ int CmdHF14AMfChk(const char *Cmd) keycnt++; memset(buf, 0, sizeof(buf)); } + fclose(f); } else { PrintAndLog("File: %s: not found or locked.", filename); free(keyBlock); return 1; - fclose(f); } } } @@ -1586,8 +1588,8 @@ int CmdHF14AMfEKeyPrn(const char *Cmd) int CmdHF14AMfCSetUID(const char *Cmd) { uint8_t wipeCard = 0; - uint8_t uid[8]; - uint8_t oldUid[8]; + uint8_t uid[8] = {0}; + uint8_t oldUid[8]= {0}; int res; if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') { diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index a7312d21..a3674a6c 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -319,7 +319,7 @@ int CmdEM4x50Read(const char *Cmd) ++i; while ((GraphBuffer[i] > low) && (i(MAX_GRAPH_TRACE_LEN/64)) { + if (j>=(MAX_GRAPH_TRACE_LEN/64)) { break; } tmpbuff[j++]= i - start; diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c index af61bd36..13f075f7 100644 --- a/client/cmdlfhitag.c +++ b/client/cmdlfhitag.c @@ -149,6 +149,7 @@ int CmdLFHitagSim(const char *Cmd) { tag_mem_supplied = true; if (fread(c.d.asBytes,48,1,pf) == 0) { PrintAndLog("Error: File reading error"); + fclose(pf); return 1; } fclose(pf); diff --git a/client/cmdmain.c b/client/cmdmain.c index fa358fac..77f1c373 100644 --- a/client/cmdmain.c +++ b/client/cmdmain.c @@ -134,8 +134,9 @@ int getCommand(UsbCommand* response) */ bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout) { + UsbCommand resp; + if (response == NULL) { - UsbCommand resp; response = &resp; } diff --git a/client/mifarehost.c b/client/mifarehost.c index fe8b8b26..7633def3 100644 --- a/client/mifarehost.c +++ b/client/mifarehost.c @@ -296,7 +296,7 @@ static uint8_t trailerAccessBytes[4] = {0x08, 0x77, 0x8F, 0x00}; // variables char logHexFileName[200] = {0x00}; static uint8_t traceCard[4096] = {0x00}; -static char traceFileName[20]; +static char traceFileName[200] = {0}; static int traceState = TRACE_IDLE; static uint8_t traceCurBlock = 0; static uint8_t traceCurKey = 0; diff --git a/client/nonce2key/crapto1.c b/client/nonce2key/crapto1.c index 90f55ab4..61215420 100644 --- a/client/nonce2key/crapto1.c +++ b/client/nonce2key/crapto1.c @@ -544,8 +544,14 @@ lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8], statelist = malloc((sizeof *statelist) << 21); //how large should be? if(!statelist || !odd || !even) + { + free(statelist); + free(odd); + free(even); return 0; + } + s = statelist; for(o = odd; *o != -1; ++o) for(e = even; *e != -1; ++e) -- 2.39.2