RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-02-27 17:43:07 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix outofbounds

Browse source
This commit is contained in:
iceman1001 2022-01-11 10:54:14 +01:00
parent c754122a74
commit 5f9d8273e6
1 changed files with 23 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
client/src/emv/emv_pk.c
View file

@ -269,23 +269,27 @@ char *emv_pk_dump_pk(const struct emv_pk *pk) {
size_t outpos = 0;
size_t outsize = 1048; // should be enough
char *out = calloc(1, outsize); // should be enough
if (!out)
if (out == NULL) {
return NULL;
}
size_t rc = emv_pk_write_bin(out + outpos, outsize - outpos, pk->rid, 5);
if (rc == 0)
if (rc == 0) {
goto err;
}
outpos += rc;
rc = emv_pk_write_bin(out + outpos, outsize - outpos, &pk->index, 1);
if (rc == 0)
if (rc == 0) {
goto err;
}
outpos += rc;
if (outpos + 7 > outsize)
if (outpos + 7 >= outsize) {
goto err;
}
out[outpos++] = TOHEX((pk->expire >> 20) & 0xf);
out[outpos++] = TOHEX((pk->expire >> 16) & 0xf);
out[outpos++] = TOHEX((pk->expire >> 12) & 0xf);
@ -296,13 +300,15 @@ char *emv_pk_dump_pk(const struct emv_pk *pk) {
if (pk->pk_algo == PK_RSA) {
rc = emv_pk_write_str(out + outpos, outsize - outpos, "rsa");
if (rc == 0)
if (rc == 0) {
goto err;
}
outpos += rc;
out[outpos++] = ' ';
} else {
if (outpos + 4 > outsize)
if (outpos + 4 >= outsize) {
goto err;
}
out[outpos++] = '?';
out[outpos++] = '?';
out[outpos++] = TOHEX(pk->pk_algo >> 4);
@ -310,24 +316,28 @@ char *emv_pk_dump_pk(const struct emv_pk *pk) {
}
rc = emv_pk_write_bin(out + outpos, outsize - outpos, pk->exp, pk->elen);
if (rc == 0)
if (rc == 0) {
goto err;
}
outpos += rc;
rc = emv_pk_write_bin(out + outpos, outsize - outpos, pk->modulus, pk->mlen);
if (rc == 0)
if (rc == 0) {
goto err;
}
outpos += rc;
if (pk->hash_algo == HASH_SHA_1) {
rc = emv_pk_write_str(out + outpos, outsize - outpos, "sha1");
if (rc == 0)
if (rc == 0) {
goto err;
}
outpos += rc;
out[outpos++] = ' ';
} else {
if (outpos + 4 > outsize)
if (outpos + 4 >= outsize) {
goto err;
}
out[outpos++] = '?';
out[outpos++] = '?';
out[outpos++] = TOHEX(pk->pk_algo >> 4);
@ -336,12 +346,12 @@ char *emv_pk_dump_pk(const struct emv_pk *pk) {
rc = emv_pk_write_bin(out + outpos, outsize - outpos, pk->hash, 20);
if (rc == 0)
if (rc == 0) {
goto err;
}
outpos += rc;
out[outpos - 1] = '\0';
return out;
err: