From: iceman1001 <iceman@iuse.se>
Date: Tue, 12 Jan 2016 22:35:06 +0000 (+0100)
Subject: FIX: Coverity, out-of-bounds write, CID#121340, CID#121341, CID#121342, CID#121343... 
X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/60daed79dbd2fd4da6e60d4e8dd50914075ff212

FIX: Coverity, out-of-bounds write, CID#121340, CID#121341, CID#121342, CID#121343,   wrong size in check, sprintf always adds a null terminator,  so if filepath would have been 996 chars long, this might had happend... but no more.
---

diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index a322e664..abc88b86 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -1364,7 +1364,7 @@ int CmdHF14AMfELoad(const char *Cmd)
 
 	len = param_getstr(Cmd,nameParamNo,filename);
 	
-	if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
+	if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;
 
 	fnameptr += len;
 
@@ -1461,7 +1461,7 @@ int CmdHF14AMfESave(const char *Cmd)
 
 	len = param_getstr(Cmd,nameParamNo,filename);
 	
-	if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
+	if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;
 	
 	// user supplied filename?
 	if (len < 1) {
@@ -1738,7 +1738,7 @@ int CmdHF14AMfCLoad(const char *Cmd)
 		return 0;
 	} else {
 		len = strlen(Cmd);
-		if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
+		if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;
 
 		memcpy(filename, Cmd, len);
 		fnameptr += len;
@@ -1908,7 +1908,7 @@ int CmdHF14AMfCSave(const char *Cmd) {
 		return 0;
 	} else {
 		len = strlen(Cmd);
-		if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
+		if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;
 	
 		// get filename based on UID
 		if (len < 1) {