From 7eb79732ff862ab7cb33db55259ec457c349590d Mon Sep 17 00:00:00 2001
From: Matthias Konrath
Date: Wed, 28 Aug 2019 10:38:56 +0200
Subject: [PATCH] Added security features to the loadFileDICTIONARY_safe function (memset after a realloc).
---
 client/fileutils.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/client/fileutils.c b/client/fileutils.c
index ff2dc510f..787ce0cfb 100644
--- a/client/fileutils.c
+++ b/client/fileutils.c
@@ -673,7 +673,7 @@ int loadFileDICTIONARY_safe(const char *preferredName, uint8_t **data, uint8_t k
 char line[255];
 // allocate some space for the dictionary
- *data = (uint8_t*) malloc(keylen * allocation_size * sizeof(uint8_t));
+ *data = (uint8_t*) calloc(keylen * allocation_size, sizeof(uint8_t));
 if (*data == NULL) return PM3_EFILE;
 FILE *f = fopen(path, "r");
@@ -688,7 +688,12 @@ int loadFileDICTIONARY_safe(const char *preferredName, uint8_t **data, uint8_t k
 if ((*keycnt) >= allocation_size) {
 allocation_size += block_size;
 *data = (uint8_t*) realloc((void*) *data, keylen * allocation_size * sizeof(uint8_t));
- if (*data == NULL) return PM3_EFILE;
+ if (*data == NULL) {
+ return PM3_EFILE;
+ } else {
+ // zero the new memeory (safety first)
+ memset(*data + counter, 0, block_size);
+ }
 }
 // add null terminator
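Review bot: The new `calloc(keylen * allocation_size, sizeof(uint8_t))` in the first hunk still multiplies the two factors before the call, so calloc's own count-times-size overflow check only ever sees a size of 1. Passing them separately, `*data = calloc(allocation_size, keylen);`, gives the same zeroed buffer and lets the library reject a wrapping product. The cast on the return value is not needed in C. The types and starting values of `keylen` and `allocation_size` are set outside the hunk, so whether the product can wrap in practice is not visible here.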
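Review bot: The `memset` added in the `else` branch of the second hunk clears only `block_size` bytes, while the `realloc` just above it grows the buffer by `keylen * block_size` bytes, so most of the new tail stays uninitialised. Its start offset `*data + counter` is only right if `counter` equals the old byte length, which this hunk does not show. The same branch assigns the `realloc` result straight to `*data`, so on failure the old buffer is leaked. The early `return PM3_EFILE` also appears to leave the `FILE *f` opened in the first hunk unclosed. I would grow through a temporary, zero exactly the added range, and release both resources before returning; the surrounding loop and the rest of loadFileDICTIONARY_safe lie outside the hunk.

```c
if ((*keycnt) >= allocation_size) {
    size_t old_bytes = (size_t)keylen * allocation_size;
    size_t add_bytes = (size_t)keylen * block_size;
    uint8_t *grown = realloc(*data, old_bytes + add_bytes);
    if (grown == NULL) {
        // realloc failure leaves the old buffer allocated: release it and
        // the open stream, and hand the caller NULL as before
        free(*data);
        *data = NULL;
        fclose(f);
        return PM3_EFILE;
    }
    // zero exactly the bytes realloc added, starting at the old end
    memset(grown + old_bytes, 0, add_bytes);
    *data = grown;
    allocation_size += block_size;
}
```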