From: adam@algroup.co.uk Date: Fri, 5 Feb 2010 20:08:02 +0000 (+0000) Subject: FIXME: will crash if sample buffer does not contain valid legic data (fixed by Sourcerer) X-Git-Tag: v1.0.0~380 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/313322658c6073bbc99cdbe0ae3f07bd7e562766?hp=41dab153055c6bdbbea436b01e7fcf87354c435a FIXME: will crash if sample buffer does not contain valid legic data (fixed by Sourcerer) --- diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c index 5ff60a3a..08a03da0 100644 --- a/client/cmdhflegic.c +++ b/client/cmdhflegic.c @@ -33,7 +33,6 @@ int CmdHelp(const char *Cmd) * Output BigBuf and deobfuscate LEGIC RF tag data. * This is based on information given in the talk held * by Henryk Ploetz and Karsten Nohl at 26c3 - * FIXME: will crash if sample buffer does not contain valid legic data */ int CmdLegicDecode(const char *Cmd) { @@ -162,7 +161,7 @@ int CmdLegicDecode(const char *Cmd) if (wrc>0) { PrintAndLog("WRC protected area:"); - for (k=0, j=0; k < wrc; k++, i++, j += 3) { + for (k=0, j=0; k < wrc && j<(sizeof(out_string)-3); k++, i++, j += 3) { sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); out_string[j+2] = ' '; }; @@ -175,7 +174,7 @@ int CmdLegicDecode(const char *Cmd) if (wrp>wrc) { PrintAndLog("Remaining write protected area:"); - for (k=0, j=0; k < (wrp-wrc); k++, i++, j += 3) { + for (k=0, j=0; k < (wrp-wrc) && j<(sizeof(out_string)-3); k++, i++, j += 3) { sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); out_string[j+2] = ' '; }; @@ -190,7 +189,7 @@ int CmdLegicDecode(const char *Cmd) } PrintAndLog("Remaining segment payload:"); - for (k=0, j=0; k < (segment_len - wrp - 5); k++, i++, j += 3) { + for (k=0, j=0; k < (segment_len - wrp - 5) && j<(sizeof(out_string)-3); k++, i++, j += 3) { sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); out_string[j+2] = ' '; };