From: Martin Holst Swende Date: Mon, 15 Feb 2016 17:43:25 +0000 (+0100) Subject: Merge pull request #162 from marshmellow42/CoverityFixes X-Git-Tag: v2.3.0~7 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/b31ef4f5104384d0d301dcd27d11b3a9861b1d82?ds=sidebyside;hp=-c Merge pull request #162 from marshmellow42/CoverityFixes Coverity fixes - mainly from @iceman1001 s fork --- b31ef4f5104384d0d301dcd27d11b3a9861b1d82 diff --combined client/cmdhficlass.c index 12a7141e,134ca21e..309880d2 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@@ -33,8 -33,6 +33,6 @@@ #include "usb_cmd.h" #include "cmdhfmfu.h" - #define llX PRIx64 - static int CmdHelp(const char *Cmd); #define ICLASS_KEYS_MAX 8 @@@ -283,8 -281,13 +281,13 @@@ int CmdHFiClassELoad(const char *Cmd) long fsize = ftell(f); fseek(f, 0, SEEK_SET); - uint8_t *dump = malloc(fsize); + if (fsize < 0) { + PrintAndLog("Error, when getting filesize"); + fclose(f); + return 1; + } + uint8_t *dump = malloc(fsize); size_t bytes_read = fread(dump, 1, fsize, f); fclose(f); @@@ -368,10 -371,13 +371,13 @@@ int CmdHFiClassDecrypt(const char *Cmd //Open the tagdump-file FILE *f; char filename[FILE_PATH_SIZE]; - if(opt == 'f' && param_getstr(Cmd, 1, filename) > 0) - { + if(opt == 'f' && param_getstr(Cmd, 1, filename) > 0) { f = fopen(filename, "rb"); - }else{ + if ( f == NULL ) { + PrintAndLog("Could not find file %s", filename); + return 1; + } + } else { return usage_hf_iclass_decrypt(); } @@@ -591,7 -597,7 +597,7 @@@ int CmdHFiClassReader_Dump(const char * errors = param_gethex(tempStr, 0, CreditKEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(CreditKEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: Credit KeyNbr is invalid\n"); @@@ -625,7 -631,7 +631,7 @@@ errors = param_gethex(tempStr, 0, KEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if 
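Review bot: In CmdHFiClassELoad the result of `malloc(fsize)` is still passed straight to `fread` with no NULL check, so an allocation failure on a large dump file becomes a write through a null pointer. The new `fsize < 0` guard only closes the negative-length case; adding `if (dump == NULL) { fclose(f); return 1; }` right after the allocation would cover the rest. The same unchecked pattern remains in the CmdHFiClassReadTagFile and loadKeys hunks further down. The function body continues outside the hunk, so whether `bytes_read` is later compared with `fsize` is not visible here.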
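Review bot: `param_getstr(Cmd, 1, filename)` in CmdHFiClassDecrypt is given no destination size, so the new fopen check does nothing about an argument longer than `FILE_PATH_SIZE`; whether the helper bounds the copy cannot be seen from this hunk. If it does not, the length of the user-supplied path should be validated before the call, and either way a comment such as `// param_getstr must not write more than FILE_PATH_SIZE bytes into filename` would record the assumption. Separately, `fopen` can fail for reasons other than a missing file, so `"Could not open file %s"` would be a more accurate message than `"Could not find file %s"`. The function starts and ends outside the hunk.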
(keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(KEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: Credit KeyNbr is invalid\n"); @@@ -884,7 -890,7 +890,7 @@@ int CmdHFiClass_WriteBlock(const char * errors = param_gethex(tempStr, 0, KEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(KEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: Credit KeyNbr is invalid\n"); @@@ -933,7 -939,7 +939,7 @@@ int usage_hf_iclass_clone(void) } int CmdHFiClassCloneTag(const char *Cmd) { - char filename[FILE_PATH_SIZE]; + char filename[FILE_PATH_SIZE] = {0}; char tempStr[50]={0}; uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t keyNbr = 0; @@@ -987,7 -993,7 +993,7 @@@ errors = param_gethex(tempStr, 0, KEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(KEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: Credit KeyNbr is invalid\n"); @@@ -1038,6 -1044,7 +1044,7 @@@ if (startblock<5) { PrintAndLog("You cannot write key blocks this way. yet... 
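Review bot: In the hunk at new line 631, the else branch after `memcpy(KEY, iClass_Key_Table[keyNbr], 8)` still prints `"\nERROR: Credit KeyNbr is invalid\n"`, although the index being rejected there selects KEY, not the credit key. The same copied message sits in the hunks at new lines 890, 993, 1179 and 1466 (the OLDKEY branch). `PrintAndLog("\nERROR: KeyNbr is invalid\n");` would fit those branches and keep the user from chasing the wrong argument. The enclosing function begins and ends outside the hunk.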
make your start block > 4"); + fclose(f); return 0; } // now read data from the file from block 6 --- 19 @@@ -1046,7 -1053,11 +1053,11 @@@ // else we have to create a share memory int i; fseek(f,startblock*8,SEEK_SET); - fread(tag_data,sizeof(iclass_block_t),endblock - startblock + 1,f); + if ( fread(tag_data,sizeof(iclass_block_t),endblock - startblock + 1,f) == 0 ) { + PrintAndLog("File reading error."); + fclose(f); + return 2; + } uint8_t MAC[4]={0x00,0x00,0x00,0x00}; uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; @@@ -1168,7 -1179,7 +1179,7 @@@ int CmdHFiClass_ReadBlock(const char *C errors = param_gethex(tempStr, 0, KEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(KEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: Credit KeyNbr is invalid\n"); @@@ -1209,7 -1220,7 +1220,7 @@@ int CmdHFiClass_loclass(const char *Cmd PrintAndLog("f Bruteforce iclass dumpfile"); PrintAndLog(" An iclass dumpfile is assumed to consist of an arbitrary number of"); PrintAndLog(" malicious CSNs, and their protocol responses"); - PrintAndLog(" The the binary format of the file is expected to be as follows: "); + PrintAndLog(" The binary format of the file is expected to be as follows: "); PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>"); PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>"); PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>"); @@@ -1305,8 -1316,13 +1316,13 @@@ int CmdHFiClassReadTagFile(const char * long fsize = ftell(f); fseek(f, 0, SEEK_SET); - uint8_t *dump = malloc(fsize); + if ( fsize < 0 ) { + PrintAndLog("Error, when getting filesize"); + fclose(f); + return 1; + } + uint8_t *dump = malloc(fsize); size_t bytes_read = fread(dump, 1, fsize, f); fclose(f); @@@ -1332,7 -1348,7 +1348,7 @@@ uint64_t hexarray_to_uint64(uint8_t *ke for (int i = 0;i < 8;i++) sprintf(&temp[(i *2)],"%02X",key[i]); temp[16] = 
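Review bot: The added `fread(...) == 0` test in the hunk at new line 1053 only catches a read that returns no blocks at all. A file that ends early yields a short count, passes the check, and leaves the tail of `tag_data` holding whatever was there before. Comparing against the requested count closes that: `size_t want = endblock - startblock + 1;` followed by `if (fread(tag_data, sizeof(iclass_block_t), want, f) != want) {`. The return value of the preceding `fseek(f,startblock*8,SEEK_SET)` is also ignored, and whether `tag_data` can hold `want` blocks is decided outside the hunk.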
'\0'; - if (sscanf(temp,"%016"llX,&uint_key) < 1) + if (sscanf(temp,"%016"llx,&uint_key) < 1) return 0; return uint_key; } @@@ -1431,7 -1447,7 +1447,7 @@@ int CmdHFiClassCalcNewKey(const char *C errors = param_gethex(tempStr, 0, NEWKEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(NEWKEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: NewKey Nbr is invalid\n"); @@@ -1450,7 -1466,7 +1466,7 @@@ errors = param_gethex(tempStr, 0, OLDKEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(OLDKEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: Credit KeyNbr is invalid\n"); @@@ -1498,6 -1514,12 +1514,12 @@@ static int loadKeys(char *filename) long fsize = ftell(f); fseek(f, 0, SEEK_SET); + if ( fsize < 0 ) { + PrintAndLog("Error, when getting filesize"); + fclose(f); + return 1; + } + uint8_t *dump = malloc(fsize); size_t bytes_read = fread(dump, 1, fsize, f); @@@ -1590,8 -1612,8 +1612,8 @@@ int CmdHFiClassManageKeys(const char *C case 'n': case 'N': keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr < 0) { - PrintAndLog("Wrong block number"); + if (keyNbr >= ICLASS_KEYS_MAX) { + PrintAndLog("Invalid block number"); errors = true; } cmdp += 2;
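Review bot: `sscanf(temp,"%016"llx,&uint_key)` in hexarray_to_uint64 depends on a `llx` macro whose definition is not in this diff; the `llX` it replaces was `PRIx64`, which is a printf macro, and the scanf family has its own `SCNx64`. If `llx` is also a `PRI` macro, the conversion is not guaranteed to match `uint64_t` on every platform. `if (sscanf(temp, "%016" SCNx64, &uint_key) < 1)` states the intended type directly. The start of the function is outside the hunk.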
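Review bot: The new bound check in CmdHFiClassManageKeys rejects a key slot index, but its message reads `"Invalid block number"`; `PrintAndLog("Invalid key number");` would tell the user which argument was wrong. Only `errors = true` is set at this point, so it is worth confirming outside the hunk that no later option handler uses `keyNbr` to index the key table before `errors` is tested.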