// return code
int return_code = 0;
// card UID
- uint8_t uid[8];
+ uint8_t uid[10];
// card select information
iso14a_card_select_t card_select_info;
// power up the field
case RHT2F_PASSWORD: {
Dbprintf("List identifier in password mode");
memcpy(password,htd->pwd.password,4);
- blocknr = 0;
+ blocknr = 0;
bQuitTraceFull = false;
bQuiet = false;
bPwd = false;
case RHT2F_CRYPTO: {
DbpString("Authenticating using key:");
- memcpy(key,htd->crypto.key,6);
+ memcpy(key,htd->crypto.key,4);
Dbhexdump(6,key,false);
blocknr = 0;
bQuiet = false;
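Review bot: The key copy `memcpy(key,htd->crypto.key,4)` now moves 4 bytes while `Dbhexdump(6,key,false)` on the next line still prints 6, so bytes 4–5 of `key` are shown (and presumably used for the authentication that follows) without this path ever setting them — stale data if `key` is a 6-byte buffer, an out-of-bounds read if it is 4 (its declaration is outside the hunk). Hitag2 keys are 48 bits, so the 6-byte copy the hunk removes looks like the right one; if the 4-byte form is intentional, the dump length should match it and the reason belongs in a comment, e.g. `memcpy(key,htd->crypto.key,6); // Hitag2 key is 48 bits, same length as the dump below`. The enclosing switch starts and ends outside the hunk.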
FpgaSetupSsc();
if (wait)
- if(*wait < 10)
- *wait = 10;
+ {
+ if(*wait < 10) *wait = 10;
+
+ for(c = 0; c < *wait;) {
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
+ AT91C_BASE_SSC->SSC_THR = 0x00; // For exact timing!
+ c++;
+ }
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
+ volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;
+ (void)r;
+ }
+ WDT_HIT();
+ }
+
+ }
- for(c = 0; c < *wait;) {
- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
- AT91C_BASE_SSC->SSC_THR = 0x00; // For exact timing!
- c++;
- }
- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
- volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;
- (void)r;
- }
- WDT_HIT();
- }
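Review bot: The new block lacks a comment on why the timing loop is now inside `if (wait)`: the removed form dereferenced `*wait` in the loop condition even when the caller passed NULL, and that null dereference is the actual fix here, which a reader of the new side cannot see. Suggest `if (wait) { // NULL means no padding delay; the old code dereferenced *wait unconditionally` and, for consistency with the `if(...) {` style of the inner ifs, put the brace on the `if` line and drop the two empty lines inside the block. The enclosing function starts before the hunk and the declaration of `c` is not visible.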
uint8_t sendbyte;
bool firstpart = TRUE;
if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
// Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
// http://www.nxp.com/documents/application_note/AN10927.pdf
- memcpy(uid_resp, uid_resp + 1, 3);
+ // This was earlier:
+ //memcpy(uid_resp, uid_resp + 1, 3);
+ // But memcpy should not be used for overlapping arrays,
+ // and memmove appears to not be available in the arm build.
+ // So this has been replaced with a for-loop:
+ for(int xx = 0; xx < 3; xx++) uid_resp[xx] = uid_resp[xx+1];
+
uid_resp_len = 3;
}
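Review bot: The commented-out `//memcpy(uid_resp, uid_resp + 1, 3);` and the narration around it should not stay in the code; the one-line for-loop only needs a why-comment. Suggest replacing the five comment lines with `// drop the cascade tag in place; the ranges overlap, so memcpy is UB and memmove is not available in this build`. The claim that memmove is unavailable is the author's own and cannot be verified from the hunk; if it turns out to be wrong, `memmove(uid_resp, uid_resp + 1, 3);` is the idiomatic form. The enclosing function starts before the hunk.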
uint8_t uid[10];
uint32_t cuid;
- uint32_t nt, previous_nt;
+ uint32_t nt =0 ;
+ uint32_t previous_nt = 0;
static uint32_t nt_attacked = 0;
byte_t par_list[8] = {0,0,0,0,0,0,0,0};
byte_t ks_list[8] = {0,0,0,0,0,0,0,0};
for (bitidx = 0; i < GraphTraceLen; i++)
{
- if ( (GraphBuffer[i-1] > GraphBuffer[i] && dir == 1 && GraphBuffer[i] > lmax) || (GraphBuffer[i-1] < GraphBuffer[i] && dir == 0 && GraphBuffer[i] < lmin))
- {
- lc = i - lastval;
- lastval = i;
-
- // Switch depending on lc length:
- // Tolerance is 1/8 of clock rate (arbitrary)
- if (abs(lc-clock/4) < tolerance) {
- // 16T0
- if((i - pmc) == lc) { /* 16T0 was previous one */
- /* It's a PMC ! */
- i += (128+127+16+32+33+16)-1;
- lastval = i;
- pmc = 0;
- block_done = 1;
- }
- else {
- pmc = i;
- }
- } else if (abs(lc-clock/2) < tolerance) {
- // 32TO
- if((i - pmc) == lc) { /* 16T0 was previous one */
- /* It's a PMC ! */
- i += (128+127+16+32+33)-1;
- lastval = i;
- pmc = 0;
- block_done = 1;
- }
- else if(half_switch == 1) {
- BitStream[bitidx++] = 0;
- half_switch = 0;
- }
- else
- half_switch++;
- } else if (abs(lc-clock) < tolerance) {
- // 64TO
- BitStream[bitidx++] = 1;
- } else {
- // Error
- warnings++;
- if (warnings > 10)
- {
- Dbprintf("Error: too many detection errors, aborting.");
- return 0;
- }
- }
-
- if(block_done == 1) {
- if(bitidx == 128) {
- for(j=0; j<16; j++) {
- Blocks[num_blocks][j] = 128*BitStream[j*8+7]+
- 64*BitStream[j*8+6]+
- 32*BitStream[j*8+5]+
- 16*BitStream[j*8+4]+
- 8*BitStream[j*8+3]+
- 4*BitStream[j*8+2]+
- 2*BitStream[j*8+1]+
- BitStream[j*8];
- }
- num_blocks++;
- }
- bitidx = 0;
- block_done = 0;
- half_switch = 0;
- }
- if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0;
- else dir = 1;
- }
- if(bitidx==255)
- bitidx=0;
- warnings = 0;
- if(num_blocks == 4) break;
+ if ( (GraphBuffer[i-1] > GraphBuffer[i] && dir == 1 && GraphBuffer[i] > lmax) || (GraphBuffer[i-1] < GraphBuffer[i] && dir == 0 && GraphBuffer[i] < lmin))
+ {
+ lc = i - lastval;
+ lastval = i;
+
+ // Switch depending on lc length:
+ // Tolerance is 1/8 of clock rate (arbitrary)
+ if (abs(lc-clock/4) < tolerance) {
+ // 16T0
+ if((i - pmc) == lc) { /* 16T0 was previous one */
+ /* It's a PMC ! */
+ i += (128+127+16+32+33+16)-1;
+ lastval = i;
+ pmc = 0;
+ block_done = 1;
+ }
+ else {
+ pmc = i;
+ }
+ } else if (abs(lc-clock/2) < tolerance) {
+ // 32TO
+ if((i - pmc) == lc) { /* 16T0 was previous one */
+ /* It's a PMC ! */
+ i += (128+127+16+32+33)-1;
+ lastval = i;
+ pmc = 0;
+ block_done = 1;
+ }
+ else if(half_switch == 1) {
+ BitStream[bitidx++] = 0;
+ half_switch = 0;
+ }
+ else
+ half_switch++;
+ } else if (abs(lc-clock) < tolerance) {
+ // 64TO
+ BitStream[bitidx++] = 1;
+ } else {
+ // Error
+ warnings++;
+ if (warnings > 10)
+ {
+ Dbprintf("Error: too many detection errors, aborting.");
+ return 0;
+ }
+ }
+
+ if(block_done == 1) {
+ if(bitidx == 128) {
+ for(j=0; j<16; j++) {
+ Blocks[num_blocks][j] = 128*BitStream[j*8+7]+
+ 64*BitStream[j*8+6]+
+ 32*BitStream[j*8+5]+
+ 16*BitStream[j*8+4]+
+ 8*BitStream[j*8+3]+
+ 4*BitStream[j*8+2]+
+ 2*BitStream[j*8+1]+
+ BitStream[j*8];
+ }
+ num_blocks++;
+ }
+ bitidx = 0;
+ block_done = 0;
+ half_switch = 0;
+ }
+ if(i < GraphTraceLen)
+ {
+ if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0;
+ else dir = 1;
+ }
+ }
+ if(bitidx==255)
+ bitidx=0;
+ warnings = 0;
+ if(num_blocks == 4) break;
}
memcpy(outBlocks, Blocks, 16*num_blocks);
return num_blocks;
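Review bot: The `warnings > 10` abort can never fire: `warnings++` runs at most once per outer iteration, and the unconditional `warnings = 0;` near the bottom of the loop body resets it on every iteration, so the counter never exceeds 1 and an unrecognisable trace is never cut short. This is identical on the old side, so the commit does not address it; move `warnings = 0;` into the three branches that successfully classify a transition (16T0, 32T0, 64T0) and delete the unconditional reset, so that only consecutive errors accumulate. The new `if(i < GraphTraceLen)` guard correctly covers the `i += ...` jumps past the end of the buffer, but `GraphBuffer[i-1]` on the first iteration still depends on `i` starting at 1 or more, which is set outside the hunk. The enclosing function starts before the hunk.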
{
struct version_information *v = (struct version_information*)version_information;
dst[0] = 0;
- strncat(dst, prefix, len);
+ strncat(dst, prefix, len-1);
if(v->magic != VERSION_INFORMATION_MAGIC) {
strncat(dst, "Missing/Invalid version information", len - strlen(dst) - 1);
return;
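Review bot: `strncat(dst, prefix, len-1)` is correct only while `len >= 1`; if `len` is an unsigned size (the signature is outside the hunk) a zero `len` underflows to a huge bound and the call writes past `dst`. The later `len - strlen(dst) - 1` has the same shape, so one early guard covers both: `if (len == 0) return;` before `dst[0] = 0;`. `snprintf(dst, len, "%s", prefix)` would express the same bound without the off-by-one arithmetic.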
/* But it does not work if compiling on WIndows: therefore we just allocate a */
/* large array */
- uint8_t BitStream[MAX_GRAPH_TRACE_LEN];
+ uint8_t BitStream[MAX_GRAPH_TRACE_LEN] = {0};
/* Detect high and lows */
for (i = 0; i < GraphTraceLen; i++)
*/
int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdlen) {
int temp;
- uint8_t *req=c->d.asBytes, uid[8];
+ uint8_t *req=c->d.asBytes;
+ uint8_t uid[8] = {0};
uint32_t reqlen=0;
// strip
SendCommand(&c);
UsbCommand resp;
+ uint8_t key_sel[8] = {0};
+ uint8_t key_sel_p[8] = { 0 };
if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
uint8_t isOK = resp.arg[0] & 0xff;
{
if(elite)
{
- uint8_t key_sel[8] = {0};
- uint8_t key_sel_p[8] = { 0 };
//Get the key index (hash1)
uint8_t key_index[8] = {0};
uint8_t isOK = 0;\r
uint8_t * data = NULL;\r
\r
- if (sectorNo > 15) {\r
- PrintAndLog("Sector number must be less than 16");\r
- return 1;\r
- }\r
PrintAndLog("Attempting to Read Ultralight... ");\r
\r
UsbCommand c = {CMD_MIFAREU_READCARD, {sectorNo}};\r
\r
PrintAndLog("isOk:%02x", isOK);\r
if (isOK) \r
- for (i = 0; i < 16; i++) {\r
- switch(i){\r
- case 2:\r
- //process lock bytes\r
- lockbytes_t=data+(i*4);\r
- lockbytes[0]=lockbytes_t[2];\r
- lockbytes[1]=lockbytes_t[3];\r
- for(int j=0; j<16; j++){\r
- bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8));\r
- }\r
- //PrintAndLog("LB %02x %02x", lockbytes[0],lockbytes[1]);\r
- //PrintAndLog("LB2b %02x %02x %02x %02x %02x %02x %02x %02x",bit[8],bit[9],bit[10],bit[11],bit[12],bit[13],bit[14],bit[15]); \r
- PrintAndLog("Block %3d:%s ", i,sprint_hex(data + i * 4, 4));\r
- break;\r
- case 3: \r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[4]);\r
- break;\r
- case 4:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[3]);\r
- break;\r
- case 5:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[2]);\r
- break;\r
- case 6:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[1]);\r
- break;\r
- case 7:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[0]);\r
- break;\r
- case 8:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[15]);\r
- break;\r
- case 9:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[14]);\r
- break;\r
- case 10:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[13]);\r
- break;\r
- case 11:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[12]);\r
- break;\r
- case 12:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[11]);\r
- break;\r
- case 13:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[10]);\r
- break;\r
- case 14:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[9]);\r
- break;\r
- case 15:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[8]);\r
- break;\r
- default:\r
- PrintAndLog("Block %3d:%s ", i,sprint_hex(data + i * 4, 4));\r
- break;\r
+ { // bit 0 and 1\r
+ PrintAndLog("Block %3d:%s ", 0,sprint_hex(data + 0 * 4, 4));\r
+ PrintAndLog("Block %3d:%s ", 1,sprint_hex(data + 1 * 4, 4));\r
+ // bit 2\r
+ //process lock bytes\r
+ lockbytes_t=data+(2*4);\r
+ lockbytes[0]=lockbytes_t[2];\r
+ lockbytes[1]=lockbytes_t[3];\r
+ for(int j=0; j<16; j++){\r
+ bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8));\r
}\r
- }\r
+ //remaining\r
+ for (i = 3; i < 16; i++) {\r
+ int bitnum = (23-i) % 16;\r
+ PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[bitnum]);\r
+ }\r
+\r
+ }\r
} else {\r
PrintAndLog("Command execute timeout");\r
}\r
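Review bot: The rewritten print loop never prints block 2: the old `case 2` extracted the lock bytes and then printed `Block 2`, while the new code extracts the lock bytes from `data+(2*4)` and resumes printing at `i = 3`. Add `PrintAndLog("Block %3d:%s ", 2,sprint_hex(data + 2 * 4, 4));` after the lock-byte loop. The `(23-i) % 16` index does reproduce the old case table (block 3→bit 4 … block 15→bit 8), but unless `bit` is a bool array the `[%d]` still prints the raw mask from `lockbytes[j/8] & (1<<(7-j%8))` rather than 0/1, so the column shows values like 128 — `bit[j] = (lockbytes[j/8] & (1<<(7-j%8))) ? 1 : 0;` would fix that. Earlier in the hunk the `sectorNo > 15` range check was dropped while `sectorNo` is still sent to the device in `CMD_MIFAREU_READCARD`; if it is still taken from user input (outside the hunk), the device-side bound should be stated in a comment or the check kept.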
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
if (fread( keyA[sectorNo], 1, 6, fin ) == 0) {\r
PrintAndLog("File reading error.");\r
+ fclose(fin);\r
return 2;\r
}\r
}\r
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
if (fread( keyB[sectorNo], 1, 6, fin ) == 0) {\r
PrintAndLog("File reading error.");\r
+ fclose(fin);\r
return 2;\r
}\r
}\r
- \r
+ fclose(fin);\r
// Read access rights to sectors\r
\r
PrintAndLog("|-----------------------------------------|");\r
PrintAndLog("Dumped %d blocks (%d bytes) to file dumpdata.bin", numblocks, 16*numblocks);\r
}\r
\r
- fclose(fin);\r
return 0;\r
}\r
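Review bot: The `fread(keyA[sectorNo], 1, 6, fin) == 0` checks (and the `keyB` ones) only catch a completely empty read: with size 1 and count 6, `fread` returns the number of bytes read, so a truncated file that yields 1–5 bytes passes and the rest of that key is left as whatever `keyA` held before. Compare against the full count, `if (fread(keyA[sectorNo], 1, 6, fin) != 6) {`, and likewise for `keyB`. The added `fclose(fin)` on each error path and the move of the normal `fclose` up to the end of reading are right.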
\r
\r
int CmdHF14AMfChk(const char *Cmd)\r
{\r
+ if (strlen(Cmd)<3) {\r
+ PrintAndLog("Usage: hf mf chk <block number>|<*card memory> <key type (A/B/?)> [t] [<key (12 hex symbols)>] [<dic (*.dic)>]");\r
+ PrintAndLog(" * - all sectors");\r
+ PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");\r
+ PrintAndLog("d - write keys to binary file\n");\r
+ PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic");\r
+ PrintAndLog(" hf mf chk *1 ? t");\r
+ return 0;\r
+ } \r
+\r
FILE * f;\r
char filename[256]={0};\r
char buf[13];\r
int transferToEml = 0;\r
int createDumpFile = 0;\r
\r
+\r
keyBlock = calloc(stKeyBlock, 6);\r
if (keyBlock == NULL) return 1;\r
\r
num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r
}\r
\r
- if (strlen(Cmd)<3) {\r
- PrintAndLog("Usage: hf mf chk <block number>|<*card memory> <key type (A/B/?)> [t] [<key (12 hex symbols)>] [<dic (*.dic)>]");\r
- PrintAndLog(" * - all sectors");\r
- PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");\r
- PrintAndLog("d - write keys to binary file\n");\r
- PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic");\r
- PrintAndLog(" hf mf chk *1 ? t");\r
- return 0;\r
- } \r
\r
if (param_getchar(Cmd, 0)=='*') {\r
blockNo = 3;\r
keycnt++;\r
memset(buf, 0, sizeof(buf));\r
}\r
+ fclose(f);\r
} else {\r
PrintAndLog("File: %s: not found or locked.", filename);\r
free(keyBlock);\r
return 1;\r
- fclose(f);\r
}\r
}\r
}\r
break;\r
}\r
PrintAndLog("File reading error.");\r
+ fclose(f);\r
return 2;\r
}\r
if (strlen(buf) < 32){\r
if(strlen(buf) && feof(f))\r
break;\r
PrintAndLog("File content error. Block data must include 32 HEX symbols");\r
+ fclose(f);\r
return 2;\r
}\r
for (i = 0; i < 32; i += 2) {\r
}\r
if (mfEmlSetMem(buf8, blockNum, 1)) {\r
PrintAndLog("Cant set emul block: %3d", blockNum);\r
+ fclose(f);\r
return 3;\r
}\r
blockNum++;\r
int CmdHF14AMfCSetUID(const char *Cmd)\r
{\r
uint8_t wipeCard = 0;\r
- uint8_t uid[8];\r
- uint8_t oldUid[8];\r
+ uint8_t uid[8] = {0};\r
+ uint8_t oldUid[8]= {0};\r
int res;\r
\r
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
++i;
while ((GraphBuffer[i] > low) && (i<GraphTraceLen))
++i;
- if (j>(MAX_GRAPH_TRACE_LEN/64)) {
+ if (j>=(MAX_GRAPH_TRACE_LEN/64)) {
break;
}
tmpbuff[j++]= i - start;
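Review bot: The loop `while ((GraphBuffer[i] > low) && (i<GraphTraceLen))` reads `GraphBuffer[i]` before checking the bound, so on the iteration that terminates it it reads one element past the last valid sample. Swap the operands, `while ((i < GraphTraceLen) && (GraphBuffer[i] > low))`, in the same spirit as the `j>=` fix this hunk makes for `tmpbuff`. The enclosing function starts and ends outside the hunk.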
int i = 0;
int prev = -1;
- char filename[256];
- FILE* pf = NULL;
-
for (;;) {
if(i >= 1900) {
break;
line);
- if (pf) {
- fprintf(pf," +%7d: %3d: %s %s\n",
- (prev < 0 ? 0 : (timestamp - prev)),
- bits,
- (isResponse ? "TAG" : " "),
- line);
- }
+// if (pf) {
+// fprintf(pf," +%7d: %3d: %s %s\n",
+// (prev < 0 ? 0 : (timestamp - prev)),
+// bits,
+// (isResponse ? "TAG" : " "),
+// line);
+// }
prev = timestamp;
i += (len + 9);
}
- if (pf) {
- PrintAndLog("Recorded activity succesfully written to file: %s", filename);
- fclose(pf);
- }
-
+
return 0;
}
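Review bot: The file-output block is left behind as eleven commented-out lines instead of being deleted, which is what removing `filename`, `pf` and the final `fclose(pf)` already decided. In the old code `pf` was initialised to NULL and no `fopen` is visible, so the `if (pf)` branches and the 'Recorded activity succesfully written to file' message may well have been dead already; either way a one-line `// file logging removed: pf was never opened in this function` says more than the fossil. The enclosing function starts before the hunk.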
tag_mem_supplied = true;
if (fread(c.d.asBytes,48,1,pf) == 0) {
PrintAndLog("Error: File reading error");
+ fclose(pf);
return 1;
}
fclose(pf);
*/
bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout) {
+ UsbCommand resp;
+
if (response == NULL) {
- UsbCommand resp;
response = &resp;
}
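Review bot: The hoisted `UsbCommand resp;` deserves a comment, because the reason is not visible from the line itself: in the removed form `resp` was scoped to the `if` body, so `response = &resp` left the pointer dangling for the rest of the function once the block closed. Suggest `UsbCommand resp; // fallback buffer when the caller passes NULL; must outlive the if below`. The body of WaitForResponseTimeout continues past the hunk.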
{
FILE *f;
-
+ int retval = 1;
f = fopen("iclass_key.bin", "rb");
if (f)
{
- if(fread(key, sizeof(key), 1, f) == 1) return 0;
+ if(fread(key, sizeof(uint8_t), 8, f) == 1)
+ {
+ retval = 0;
+ }
+ fclose(f);
}
- return 1;
+ return retval;
}
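Review bot: The new success test is wrong: `fread(key, sizeof(uint8_t), 8, f)` returns the number of 1-byte elements read, which is 8 for a complete key, so `== 1` reports failure on a good file and reports success (`retval = 0`) only when exactly one byte was read and the other seven bytes of `key` are untouched. Use `if (fread(key, 1, 8, f) == 8)`. The `fclose(f)` the hunk adds fixes the leak the old early `return 0` had; the size of `key` (8 here, `sizeof(key)` before) is not visible in the hunk, so if it is a pointer parameter the old check was also comparing against a pointer size.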
// variables\r
char logHexFileName[200] = {0x00};\r
static uint8_t traceCard[4096] = {0x00};\r
-static char traceFileName[20];\r
+static char traceFileName[200] = {0};\r
static int traceState = TRACE_IDLE;\r
static uint8_t traceCurBlock = 0;\r
static uint8_t traceCurKey = 0;\r
break;\r
\r
case TRACE_WRITE_OK: \r
- if ((len == 1) && (data[0] = 0x0a)) {\r
+ if ((len == 1) && (data[0] == 0x0a)) {\r
traceState = TRACE_WRITE_DATA;\r
\r
return 0;\r
at_par = parity;\r
\r
// decode key here)\r
- if (!traceCrypto1) {\r
- ks2 = ar_enc ^ prng_successor(nt, 64);\r
- ks3 = at_enc ^ prng_successor(nt, 96);\r
- revstate = lfsr_recovery64(ks2, ks3);\r
- lfsr_rollback_word(revstate, 0, 0);\r
- lfsr_rollback_word(revstate, 0, 0);\r
- lfsr_rollback_word(revstate, nr_enc, 1);\r
- lfsr_rollback_word(revstate, uid ^ nt, 0);\r
- }else{\r
- ks2 = ar_enc ^ prng_successor(nt, 64);\r
- ks3 = at_enc ^ prng_successor(nt, 96);\r
- revstate = lfsr_recovery64(ks2, ks3);\r
- lfsr_rollback_word(revstate, 0, 0);\r
- lfsr_rollback_word(revstate, 0, 0);\r
- lfsr_rollback_word(revstate, nr_enc, 1);\r
- lfsr_rollback_word(revstate, uid ^ nt, 0);\r
- }\r
+ ks2 = ar_enc ^ prng_successor(nt, 64);\r
+ ks3 = at_enc ^ prng_successor(nt, 96);\r
+ revstate = lfsr_recovery64(ks2, ks3);\r
+ lfsr_rollback_word(revstate, 0, 0);\r
+ lfsr_rollback_word(revstate, 0, 0);\r
+ lfsr_rollback_word(revstate, nr_enc, 1);\r
+ lfsr_rollback_word(revstate, uid ^ nt, 0);\r
crypto1_get_lfsr(revstate, &lfsr);\r
printf("key> %x%x\n", (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF));\r
AddLogUint64(logHexFileName, "key> ", lfsr); \r
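Review bot: `printf("key> %x%x\n", hi, lo)` prints the low 32 bits without zero padding, so any recovered key whose low word has leading zero nibbles is displayed shortened (0x1234'0000'00ab would come out as `1234ab`); use `"key> %04x%08x\n"` or print `lfsr` once with `"%012" PRIx64`. The de-duplication itself is fine since both removed branches were identical. `revstate` comes from `lfsr_recovery64()`, which in the usual crapto1 implementation returns malloc'd memory; it is not freed in the visible lines, so if nothing below releases it add `free(revstate);` after `crypto1_get_lfsr(revstate, &lfsr);`.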
\r
statelist = malloc((sizeof *statelist) << 21); //how large should be? \r
if(!statelist || !odd || !even)\r
+ {\r
+ free(statelist);\r
+ free(odd);\r
+ free(even);\r
return 0;\r
\r
+ }\r
+\r
s = statelist;\r
for(o = odd; *o != -1; ++o)\r
for(e = even; *e != -1; ++e)\r