From aacb96d7ed1723663fddd4e2611c22c971442cbd Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 17 Feb 2016 10:46:08 +0100 Subject: [PATCH] FIX: Coverity scan fixes, hard to keep track of stringlengths while reading and copying in C. --- armsrc/desfire_crypto.c | 2 +- client/cmdhflegic.c | 56 +++++++++++++++++++++++++------------- client/cmdparser.c | 2 +- client/nonce2key/crapto1.c | 11 ++++---- client/nonce2key/crypto1.c | 4 ++- client/proxmark3.c | 24 ++++++++-------- 6 files changed, 60 insertions(+), 39 deletions(-) diff --git a/armsrc/desfire_crypto.c b/armsrc/desfire_crypto.c index acce980f..18ed67f6 100644 --- a/armsrc/desfire_crypto.c +++ b/armsrc/desfire_crypto.c @@ -580,7 +580,7 @@ void mifare_cypher_single_block (desfirekey_t key, uint8_t *data, uint8_t *ivect { AesCtx ctx; AesCtxIni(&ctx, ivect, key->data, KEY128,CBC); - AesEncrypt(&ctx, data, edata, sizeof(data) ); + AesEncrypt(&ctx, data, edata, sizeof(edata) ); break; } case MCO_DECYPHER: diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c index 8310da86..ab9df487 100644 --- a/client/cmdhflegic.c +++ b/client/cmdhflegic.c @@ -68,7 +68,7 @@ int CmdLegicDecode(const char *Cmd) { uint32_t calc_crc = CRC8Legic(data_buf, 4); PrintAndLog("\nCDF: System Area"); - + PrintAndLog("------------------------------------------------------"); PrintAndLog("MCD: %02x, MSN: %02x %02x %02x, MCC: %02x %s", data_buf[0], data_buf[1], 
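Review bot: `sizeof(edata)` in the `AesEncrypt` call is only the right length if `edata` is declared as a fixed-size array inside mifare_cypher_single_block. Its declaration is outside this hunk, and if it is a pointer the call still passes the pointer size, exactly like the `sizeof(data)` it replaces. Passing the cipher block length explicitly removes the dependence on how the buffer is declared, for example `AesEncrypt(&ctx, data, edata, 16); /* AES block size */`, or the block-length value the function already works with if it has one. The `case MCO_DECYPHER:` branch that follows is not shown and should be checked for the same `sizeof(data)` pattern, so that both directions process the same number of bytes.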
@@ -118,8 +118,22 @@ int CmdLegicDecode(const char *Cmd) { uint32_t segCalcCRC = 0; uint32_t segCRC = 0; + // see if user area is xored or just zeros. + int numOfZeros = 0; + for (int index=22; index < 256; ++index){ + if ( data_buf[index] == 0x00 ) + ++numOfZeros; + } + // if possible zeros is less then 60%, lets assume data is xored + // 256 - 22 (header) = 234 + // 1024 - 22 (header) = 1002 + int isXored = (numOfZeros*100/stamp_len) < 50; + PrintAndLog("is data xored? %d ( %d %)", isXored, (numOfZeros*100/stamp_len)); + + print_hex_break( data_buf, 33, 16); + PrintAndLog("\nADF: User Area"); - printf("-------------------------------------\n"); + PrintAndLog("------------------------------------------------------"); i = 22; // 64 potential segements // how to detect there is no segments?!? @@ -148,7 +162,7 @@ int CmdLegicDecode(const char *Cmd) { segCalcCRC = CRC8Legic(segCrcBytes, 8); segCRC = data_buf[i+4]^crc; - PrintAndLog("Segment %02u \nraw header=0x%02X 0x%02X 0x%02X 0x%02X \nSegment len: %u, Flag: 0x%X (valid:%01u, last:%01u), WRP: %02u, WRC: %02u, RD: %01u, CRC: 0x%02X (%s)", + PrintAndLog("Segment %02u \nraw header | 0x%02X 0x%02X 0x%02X 0x%02X \nSegment len: %u, Flag: 0x%X (valid:%01u, last:%01u), WRP: %02u, WRC: %02u, RD: %01u, CRC: 0x%02X (%s)", segmentNum, data_buf[i]^crc, data_buf[i+1]^crc, @@ -169,9 +183,10 @@ int CmdLegicDecode(const char *Cmd) { if ( hasWRC ) { PrintAndLog("WRC protected area: (I %d | K %d| WRC %d)", i, k, wrc); - + PrintAndLog("\nrow | data"); + PrintAndLog("-----+------------------------------------------------"); // de-xor? if not zero, assume it needs xoring. - if ( data_buf[i] > 0) { + if ( isXored) { for ( k=i; k < wrc; ++k) data_buf[k] ^= crc; } 
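Review bot: The format string in `PrintAndLog("is data xored? %d ( %d %)", ...)` ends with `%)`, which is not a valid conversion and is undefined behaviour if PrintAndLog forwards to a printf-family function. A literal percent sign needs `%%`, i.e. `"is data xored? %d ( %d %%)"`. The same expression divides by `stamp_len`, which is set outside this hunk; if it is derived from card contents it can be zero, so guard it, e.g. `int pct = stamp_len ? (numOfZeros*100/stamp_len) : 0;`. The counting loop covers the fixed range 22..255 while the percentage is taken against `stamp_len`, and the comment says 60% while the code tests `< 50`, so the heuristic and its comment should be made to agree.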
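Review bot: The de-xor loop that `isXored` now gates indexes `data_buf` with a value read from the card and has no visible bound: `for ( k=i; k < wrc; ++k) data_buf[k] ^= crc;` runs from offset `i` up to the value `wrc`, not for `wrc` bytes, and nothing in the hunk limits `k` to the buffer size. The same shape appears in the next two hunks (`k < wrp_len` and `k < remain_seg_payload_len`). If those values are lengths, as the log labels suggest, the bound would be `k < i + wrc` combined with a check against the size of `data_buf`, e.g. `for (k = i; k < i + wrc && k < buf_len; ++k)`, where `buf_len` is a placeholder for the real buffer length. The enclosing segment loop starts and ends outside the hunk, so this needs confirming against the full function.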
@@ -182,9 +197,10 @@ int CmdLegicDecode(const char *Cmd) { if ( hasWRP ) { PrintAndLog("Remaining write protected area: (I %d | K %d | WRC %d | WRP %d WRP_LEN %d)",i, k, wrc, wrp, wrp_len); + PrintAndLog("\nrow | data"); + PrintAndLog("-----+------------------------------------------------"); - // de-xor? if not zero, assume it needs xoring. - if ( data_buf[i] > 0) { + if (isXored) { for (k=i; k < wrp_len; ++k) data_buf[k] ^= crc; } @@ -199,8 +215,9 @@ int CmdLegicDecode(const char *Cmd) { } PrintAndLog("Remaining segment payload: (I %d | K %d | Remain LEN %d)", i, k, remain_seg_payload_len); - - if ( data_buf[i] > 0 ) { + PrintAndLog("\nrow | data"); + PrintAndLog("-----+------------------------------------------------"); + if ( isXored ) { for ( k=i; k < remain_seg_payload_len; ++k) data_buf[k] ^= crc; } @@ -209,7 +226,7 @@ int CmdLegicDecode(const char *Cmd) { i += remain_seg_payload_len; - printf("\n-------------------------------------\n"); + PrintAndLog("-----+------------------------------------------------\n"); // end with last segment if (segment_flag & 0x8) return 0; @@ -332,18 +349,18 @@ int CmdLegicSave(const char *Cmd) { return 0; } - FILE *f = fopen(filename, "w"); - if(!f) { - PrintAndLog("couldn't open '%s'", Cmd+1); - return -1; - } - GetFromBigBuf(got, requested, offset); if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2000)){ - PrintAndLog("Command execute timeout"); + PrintAndLog("Command execute timeout"); return 1; } + FILE *f = fopen(filename, "w"); + if(!f) { + PrintAndLog("couldn't open '%s'", Cmd+1); + return -1; + } + for (int j = 0; j < requested; j += 8) { fprintf(f, "%02x %02x %02x %02x %02x %02x %02x %02x\n", got[j+0], got[j+1], got[j+2], got[j+3], 
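Review bot: The write loop after the moved `fopen` consumes eight bytes per iteration (eight `%02x` conversions starting at `got[j+0]`) for every `j < requested`, so a `requested` value that is not a multiple of 8 reads up to seven bytes past the requested length. The size of `got` and the validation of `requested` are outside this hunk, so either round the loop bound down to a multiple of 8 or print the tail byte by byte. Separately, the error path prints `Cmd+1` although the file that failed to open is `filename`; `PrintAndLog("couldn't open '%s'", filename);` reports the path that was actually tried.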
@@ -409,10 +426,11 @@ int CmdLegicCalcCrc8(const char *Cmd){ int len = strlen(Cmd); if (len & 1 ) return usage_legic_calccrc8(); - uint8_t *data = malloc(len); + // add 1 for null terminator. + uint8_t *data = malloc(len+1); if ( data == NULL ) return 1; - param_gethex(Cmd, 0, data, len ); + if (!param_gethex(Cmd, 0, data, len )) return usage_legic_calccrc8(); uint32_t checksum = CRC8Legic(data, len/2); PrintAndLog("Bytes: %s || CRC8: %X", sprint_hex(data, len/2), checksum ); diff --git a/client/cmdparser.c b/client/cmdparser.c index 90521931..b622df4f 100644 --- a/client/cmdparser.c +++ b/client/cmdparser.c @@ -43,7 +43,7 @@ int CmdsParse(const command_t Commands[], const char *Cmd) } char cmd_name[32]; int len = 0; - memset(cmd_name, 0, 32); + memset(cmd_name, 0, sizeof(cmd_name)); sscanf(Cmd, "%31s%n", cmd_name, &len); int i = 0; while (Commands[i].Name && strcmp(Commands[i].Name, cmd_name)) diff --git a/client/nonce2key/crapto1.c b/client/nonce2key/crapto1.c index f005a9e3..626823f8 100644 --- a/client/nonce2key/crapto1.c +++ b/client/nonce2key/crapto1.c @@ -486,12 +486,11 @@ struct Crypto1State* lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8] odd = lfsr_prefix_ks(ks, 1); even = lfsr_prefix_ks(ks, 0); - s = statelist = malloc((sizeof *statelist) << 21); + s = statelist = malloc((sizeof *statelist) << 20); if(!s || !odd || !even) { free(statelist); - free(odd); - free(even); - return 0; + statelist = 0; + goto out; } for(o = odd; *o + 1; ++o) @@ -503,8 +502,8 @@ struct Crypto1State* lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8] } s->odd = s->even = 0; - +out: free(odd); free(even); return statelist; -} \ No newline at end of file +} diff --git a/client/nonce2key/crypto1.c b/client/nonce2key/crypto1.c index ba297b8d..268d55a0 100644 --- a/client/nonce2key/crypto1.c +++ b/client/nonce2key/crypto1.c 
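Review bot: The new early return `if (!param_gethex(Cmd, 0, data, len )) return usage_legic_calccrc8();` leaks `data`, which was allocated two lines earlier. Free it on that path: `if (!param_gethex(Cmd, 0, data, len)) { free(data); return usage_legic_calccrc8(); }`. param_gethex is defined elsewhere, so confirm that a zero return really means failure; if it returns 0 on success the condition is inverted and every valid input would print the usage text. The `+1` "for null terminator" is not needed for the decoded bytes, since only `len/2` of them are passed to `CRC8Legic`. Whether `data` is freed on the normal path is outside the hunk.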
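Review bot: Shrinking the allocation to `(sizeof *statelist) << 20` halves the capacity of `statelist`, but the fill loop that starts at `for(o = odd; *o + 1; ++o)` advances `s` with no capacity check visible in either hunk of lfsr_common_prefix. If more than 2^20 - 1 candidate states can be produced, the writes and the terminating `s->odd = s->even = 0;` land past the end of the heap block. Either add a comment stating why 2^20 entries are always enough, or keep an end pointer such as `struct Crypto1State *end = statelist + (1 << 20) - 1;` and stop appending when `s` reaches it. The loop body lies between the two hunks and is not shown.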
@@ -24,7 +24,9 @@ struct Crypto1State * crypto1_create(uint64_t key) { struct Crypto1State *s = malloc(sizeof(*s)); if ( !s ) return NULL; - + + s->odd = s->even = 0; + int i; //for(i = 47;s && i > 0; i -= 2) { for(i = 47; i > 0; i -= 2) { diff --git a/client/proxmark3.c b/client/proxmark3.c index 907f5e7f..70e09ada 100644 --- a/client/proxmark3.c +++ b/client/proxmark3.c @@ -127,8 +127,8 @@ static void *main_loop(void *targ) { while(1) { // If there is a script file - if (script_file) - { + if (script_file) { + if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), script_file)) { fclose(script_file); script_file = NULL; @@ -142,9 +142,10 @@ static void *main_loop(void *targ) { if (nl) *nl = '\0'; - - if ((cmd = (char*) malloc(strlen(script_cmd_buf) + 1)) != NULL) { - memset(cmd, 0, strlen(script_cmd_buf)); + + int newlen = strlen(script_cmd_buf); + if ((cmd = (char*) malloc( newlen + 1)) != NULL) { + memset(cmd, 0x00, newlen); strcpy(cmd, script_cmd_buf); printf("%s\n", cmd); } @@ -170,8 +171,14 @@ static void *main_loop(void *targ) { printf("\n"); break; } + free(cmd); } - + + if (script_file) { + fclose(script_file); + script_file = NULL; + } + write_history(".history"); free(cmd); @@ -181,11 +188,6 @@ static void *main_loop(void *targ) { pthread_join(reader_thread, NULL); } - if (script_file) { - fclose(script_file); - script_file = NULL; - } - ExitGraphics(); pthread_exit(NULL); return NULL; -- 2.39.2
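Review bot: `memset(cmd, 0x00, newlen);` in the script-line copy is redundant, since the `strcpy` on the next line writes all `newlen + 1` bytes including the terminator, and it clears one byte fewer than was allocated. `strlen` returns `size_t`, so `int newlen` narrows the value. `size_t newlen = strlen(script_cmd_buf);` followed by `memcpy(cmd, script_cmd_buf, newlen + 1);` does the copy in one pass with no sign conversion. When `malloc` fails, `cmd` is NULL and the script line is dropped without a message; reporting that path would make the failure visible.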
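Review bot: The added `free(cmd);` at the end of the loop body leaves `cmd` dangling, and the unchanged `free(cmd);` after `write_history(".history");` frees the same variable again once the loop exits. Whether `cmd` is always reassigned before the loop can exit, and whether the branch above already frees it, is decided by lines outside this hunk. The safe form is to clear the pointer at the point of release: `free(cmd); cmd = NULL;`. The post-loop `free(cmd)` then becomes a no-op whenever the buffer has already been released, instead of a potential double free.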