FIX: coverty scan, resourceleak in "hf mf sniff", added call to 'free' befor return.

FIX: coverty scan, overflow in "hf 14a raw",  added an extra len check against USB_CMD_DATA_SIZE

diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c
index 8d15f73142494390c69b9129313bad559cdfbbe2..d195267243907fa70e83c68750190fdf6b161617 100644 (file)
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -731,8 +731,10 @@ int CmdHF14ACmdRaw(const char *cmd) {
 
        if(topazmode)
                c.arg[0] |= ISO14A_TOPAZMODE;
-               
+                       
        // Max buffer is USB_CMD_DATA_SIZE
+       datalen = (datalen > USB_CMD_DATA_SIZE) ? USB_CMD_DATA_SIZE : datalen;
+               
     c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
     memcpy(c.d.asBytes,data,datalen);
 

diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index b2d5494fb0226e6cdef814fb36f8a3ac5af7c03d..272f1ade2d2c47a619f90a81a1a27fa0afa240c4 100644 (file)
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -2027,7 +2027,10 @@ int CmdHF14AMfSniff(const char *Cmd){
                        uint16_t traceLen = resp.arg[1];\r
                        len = resp.arg[2];\r
 \r
-                       if (res == 0) return 0;                                         // we are done\r
+                       if (res == 0) {\r
+                               free(buf);\r
+                               return 0;                                               // we are done\r
+                       }\r
 \r
                        if (res == 1) {                                                         // there is (more) data to be transferred\r
                                if (pckNum == 0) {                                              // first packet, (re)allocate necessary buffer\r