input sanitizing

2024-11-11 18:33:18 +08:00 · 2021-06-22 10:52:08 +02:00 · 2021-06-22 10:52:08 +02:00 · 4facebb34d
commit 4facebb34d
parent d330d22c48
1 changed files with 17 additions and 9 deletions
--- a/client/src/cipurse/cipursecore.c
+++ b/client/src/cipurse/cipursecore.c
@ -27,14 +27,14 @@ CipurseContext cipurseContext;

 static int CIPURSEExchangeEx(bool activate_field, bool leave_field_on, sAPDU apdu, bool include_le,
                             uint16_t le, uint8_t *result, size_t max_result_len, size_t *result_len, uint16_t *sw) {
-    uint8_t data[APDU_RES_LEN] = {0};
-    uint8_t securedata[APDU_RES_LEN] = {0};
-    sAPDU secapdu;

-    if (result_len) {
-        *result_len = 0;
+    if (result_len == NULL) {
+        PrintAndLogEx(FAILED, "CIPURSEExchangeEx, result_len is NULL");
+        return PM3_EINVARG;
    }

+    *result_len = 0;
+
    if (sw) {
        *sw = 0;
    }
@ -53,26 +53,32 @@ static int CIPURSEExchangeEx(bool activate_field, bool leave_field_on, sAPDU apd
    // COMPUTE APDU
    int datalen = 0;
    uint16_t xle = include_le ? 0x100 : 0x00;
-    if (xle == 0x100 && le != 0)
+    if (xle == 0x100 && le != 0) {
        xle = le;
+    }

+    sAPDU secapdu;
+    uint8_t securedata[APDU_RES_LEN] = {0};
    CipurseCAPDUReqEncode(&cipurseContext, &apdu, &secapdu, securedata, include_le, le);

+    uint8_t data[APDU_RES_LEN] = {0};
    if (APDUEncodeS(&secapdu, false, xle, data, &datalen)) {
        PrintAndLogEx(ERR, "APDU encoding error.");
        return 201;
    }

-    if (GetAPDULogging())
+    if (GetAPDULogging()) {
        PrintAndLogEx(SUCCESS, ">>>> %s", sprint_hex(data, datalen));
+    }

    res = ExchangeAPDU14a(data, datalen, activate_field, leave_field_on, result, (int)max_result_len, (int *)result_len);
    if (res) {
        return res;
    }

-    if (GetAPDULogging())
+    if (GetAPDULogging()) {
        PrintAndLogEx(SUCCESS, "<<<< %s", sprint_hex(result, *result_len));
+    }

    if (*result_len < 2) {
        return 200;
@ -80,10 +86,12 @@ static int CIPURSEExchangeEx(bool activate_field, bool leave_field_on, sAPDU apd

    size_t rlen = 0;
    if (*result_len == 2) {
-        if (cipurseContext.RequestSecurity == CPSMACed || cipurseContext.RequestSecurity == CPSEncrypted)
+        if (cipurseContext.RequestSecurity == CPSMACed || cipurseContext.RequestSecurity == CPSEncrypted) {
            CipurseCClearContext(&cipurseContext);
+        }

        isw = result[0] * 0x0100 + result[1];
+
    } else {
        CipurseCAPDURespDecode(&cipurseContext, result, *result_len, securedata, &rlen, &isw);
        memcpy(result, securedata, rlen);