From ab7bb4947515be233282a404fe2e84549aca9579 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 8 Jan 2016 14:25:10 +0100 Subject: [PATCH] FIX: coverty scan reveals some resourceleaks and overruns, which is supposed to be fixed now. /armsrc/des.c overflow 7 instead of 6 /client/cmdlfhitag.c overflows traclen /client/util.c sprint_bin_break overflows. /client/cmdhficlass.c need to free memory after malloc. ADD: RotateRight macro in util.h --- armsrc/des.c | 2 +- client/cmdhficlass.c | 1 + client/cmdlfhitag.c | 2 +- client/util.c | 9 ++++----- client/util.h | 3 +++ 5 files changed, 10 insertions(+), 7 deletions(-) diff --git a/armsrc/des.c b/armsrc/des.c index e72ebb2a..1ff04184 100644 --- a/armsrc/des.c +++ b/armsrc/des.c @@ -274,7 +274,7 @@ uint32_t des_f(uint32_t r, uint8_t* kr){ uint64_t data; uint8_t *sbp; /* sboxpointer */ permute((uint8_t*)e_permtab, (uint8_t*)&r, (uint8_t*)&data); - for(i=0; i<7; ++i) + for(i=0; i<6; ++i) ((uint8_t*)&data)[i] ^= kr[i]; /* Sbox substitution */ diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index ffcd719e..75c45444 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -409,6 +409,7 @@ int CmdHFiClassDecrypt(const char *Cmd) { saveFile(outfilename,"bin", decrypted, blocknum*8); + free(decrypted); return 0; } diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c index 36220643..bd2e47a8 100644 --- a/client/cmdlfhitag.c +++ b/client/cmdlfhitag.c @@ -71,7 +71,7 @@ int CmdLFHitagList(const char *Cmd) for (;;) { - if(i > traceLen) { break; } + if(i >= traceLen) { break; } bool isResponse; int timestamp = *((uint32_t *)(got+i)); diff --git a/client/util.c b/client/util.c index a3672130..de6443cf 100644 --- a/client/util.c +++ b/client/util.c 
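Review bot: The new loop bound `6` in des_f is a bare literal, and nothing in the signature `uint8_t* kr` ties it to the size of the buffer it indexes. Since this commit exists because the old literal was off by one, a comment on the loop such as `/* expanded block and round key are 48 bits = 6 bytes */`, or a named constant shared with the caller that builds `kr`, would stop the overrun being reintroduced. `data` is a `uint64_t` declared without an initializer, so its top two bytes stay indeterminate unless permute() writes them. permute() is outside the hunk, so this is worth confirming.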
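Review bot: `free(decrypted);` is added only in front of the final `return 0;` of CmdHFiClassDecrypt, so it covers the success path alone. The allocation and any earlier `return` statements lie outside the hunk; if one of them sits between the malloc and this point, for example after a failed file read, that path still leaks the buffer. A single exit label that frees `decrypted` on every path would close those too. It is also worth checking that the malloc result is tested before use.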
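Review bot: The tightened guard `if(i >= traceLen)` still lets the next statement read out of bounds, because `*((uint32_t *)(got+i))` loads four bytes starting at `got+i`. Any `i` within the last three bytes of the trace passes the check and reads past `traceLen`. The guard should compare against the size of what is about to be read, e.g. `if (i + sizeof(uint32_t) > traceLen) { break; }`. If the record header parsed further down in CmdLFHitagList (outside the hunk) is larger than the timestamp, the check should be widened to the whole header plus the payload length taken from it. The cast also assumes `got+i` is suitably aligned for `uint32_t`; a `memcpy` into a local avoids that assumption.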
@@ -137,7 +137,7 @@ char *sprint_bin_break(const uint8_t *data, const size_t len, const uint8_t brea size_t in_index = 0; // loop through the out_index to make sure we don't go too far - for (size_t out_index=0; out_index < max_len; out_index++) { + for (size_t out_index=0; out_index < max_len-2; out_index++) { // set character sprintf(tmp++, "%u", data[in_index]); // check if a line break is needed and we have room to print it in our array @@ -463,11 +463,9 @@ void binarraytobinstring(char *target, char *source, int length) uint8_t GetParity( uint8_t *bits, uint8_t type, int length) { int x; - - for(x= 0 ; length > 0 ; --length) + for( x = 0 ; length > 0 ; --length) x += bits[length - 1]; x %= 2; - return x ^ type; } @@ -503,7 +501,8 @@ uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits) { return tmp; } -// RotateLeft - Ultralight, Desfire +// RotateLeft - Ultralight, Desfire, works on byte level +// 00-01-02 >> 01-02-00 void rol(uint8_t *data, const size_t len){ uint8_t first = data[0]; for (size_t i = 0; i < len-1; i++) { diff --git a/client/util.h b/client/util.h index 446ec882..12f15929 100644 --- a/client/util.h +++ b/client/util.h @@ -17,6 +17,9 @@ #include #include "data.h" +#ifndef ROTR +# define ROTR(x,n) (((uintmax_t)(x) >> (n)) | ((uintmax_t)(x) << ((sizeof(x) * 8) - (n)))) +#endif #ifndef MIN # define MIN(a, b) (((a) < (b)) ? (a) : (b)) #endif -- 2.39.2
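Review bot: The new bound `out_index < max_len-2` in sprint_bin_break misbehaves when `max_len` is below 2. `out_index` is a `size_t`, so the comparison is done unsigned and a `max_len` of 0 or 1 turns the right-hand side into a huge value; the loop then runs far past both `data` and the output buffer, where the old condition simply did not iterate. Writing it as `out_index + 2 < max_len` avoids the wrap. `max_len` is computed outside the hunk, and reserving room for the terminator is better done there by clamping against the buffer size, since subtracting in the loop also drops the last two characters of short inputs. Separately, `sprintf(tmp++, "%u", data[in_index])` writes a terminator after every digit, and more than one digit if a byte is above 9, so it would be safer to store a single character directly, e.g. `*tmp++ = '0' + (data[in_index] & 1);`, if the input is meant to be one bit per byte.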
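Review bot: `ROTR` widens `x` to `uintmax_t` before both shifts, so the left-shifted half keeps bits above the width of `x`. The value is a correct rotate only if the caller truncates it back to that width, so a 32-bit operand yields set bits at position 32 and above. With `n == 0` the left shift count becomes `sizeof(x) * 8`, which for a 64-bit operand equals the width of a 64-bit `uintmax_t` and is undefined behaviour. A negative signed `x` is sign-extended by the cast, so the right shift brings in one-bits. A fixed-width helper avoids all three: `static inline uint32_t rotr32(uint32_t x, unsigned n) { n &= 31; return (x >> n) | (x << ((32 - n) & 31)); }`. The macro also depends on `<stdint.h>` being included before it, and the include line above it is not legible in this view.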