From c46ea881a42c2655f1201f0bb3d55c486f79d9b5 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Fri, 8 Jan 2016 14:30:56 +0100
Subject: [PATCH] FIX: coverty scan, resourceleak in "hf mf sniff", added call to 'free' befor return. FIX: coverty scan, overflow in "hf 14a raw", added an extra len check against USB_CMD_DATA_SIZE
---
 client/cmdhf14a.c | 4 +++-
 client/cmdhfmf.c | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c
index 8d15f731..d1952672 100644
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -731,8 +731,10 @@ int CmdHF14ACmdRaw(const char *cmd) {
 if(topazmode) c.arg[0] |= ISO14A_TOPAZMODE;
-
+ // Max buffer is USB_CMD_DATA_SIZE
+ datalen = (datalen > USB_CMD_DATA_SIZE) ? USB_CMD_DATA_SIZE : datalen;
+ c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
 memcpy(c.d.asBytes,data,datalen);
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index b2d5494f..272f1ade 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -2027,7 +2027,10 @@ int CmdHF14AMfSniff(const char *Cmd){
 uint16_t traceLen = resp.arg[1];
 len = resp.arg[2];
- if (res == 0) return 0; // we are done
+ if (res == 0) {
+ free(buf);
+ return 0; // we are done
+ }
 if (res == 1) { // there is (more) data to be transferred
 if (pckNum == 0) { // first packet, (re)allocate necessary buffer
--
2.39.5
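Review bot: The clamp added ahead of the `c.arg[1]` assignment in CmdHF14ACmdRaw truncates an oversize `datalen` silently, so a shorter frame than the one the user typed is still sent to the device and the caller sees no error. Rejecting the input is safer than truncating it, for example `if (datalen > USB_CMD_DATA_SIZE) { /* report oversize input */ return 1; }`, where the return code is a placeholder for whatever this function uses on bad arguments. The clamp only bounds the `memcpy` against the destination, presumably `c.d.asBytes` of USB_CMD_DATA_SIZE bytes. Whether the source `data` array is at least that large, and whether `numbits` still describes the last byte after truncation, depends on code outside the hunk and should be checked where `data` is filled. The function body starts and ends outside the hunk.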
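Review bot: The added `free(buf)` covers only the `res == 0` exit of CmdHF14AMfSniff; any other `return` between the allocation and the end of the function, none of which is visible in this hunk, would still leak the same buffer. A single cleanup path would cover every exit, for example turning the early returns into `goto out;` and ending the function with `out: free(buf); return rc;` (`rc` is a name made up for this note). Since `traceLen` and `len` are taken from `resp.arg[]` and the next branch (re)allocates the buffer, it is also worth confirming outside the hunk that the allocation result and those device-supplied lengths are checked before the copy. The function body starts and ends outside the hunk.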