From 5147ec695991384578073c93d65e268f852b59c7 Mon Sep 17 00:00:00 2001
From: Alexis Green
Date: Tue, 2 Aug 2016 13:37:05 -0700
Subject: [PATCH 1/3] CHG: LEGIC - allow offline mode due to existing offline command
---
 client/cmdhf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/cmdhf.c b/client/cmdhf.c
index a14c2e59f..e1a203e75 100644
--- a/client/cmdhf.c
+++ b/client/cmdhf.c
@@ -789,7 +789,7 @@ static command_t CommandTable[] = {
 {"14b", CmdHF14B, 1, "{ ISO14443B RFIDs... }"},
 {"15", CmdHF15, 1, "{ ISO15693 RFIDs... }"},
 {"epa", CmdHFEPA, 1, "{ German Identification Card... }"},
- {"legic", CmdHFLegic, 0, "{ LEGIC RFIDs... }"},
+ {"legic", CmdHFLegic, 1, "{ LEGIC RFIDs... }"},
 {"iclass", CmdHFiClass, 1, "{ ICLASS RFIDs... }"},
 {"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"},
 {"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"},
From 0892708119735d1f3720700a8334a35bc37706c0 Mon Sep 17 00:00:00 2001
From: Alexis Green
Date: Tue, 2 Aug 2016 13:57:44 -0700
Subject: [PATCH 2/3] FIX: CoverityScan 123465 - Resource leak
---
 client/cmdhflegic.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c
index 731cead10..d55ea98d8 100644
--- a/client/cmdhflegic.c
+++ b/client/cmdhflegic.c
@@ -575,6 +575,9 @@ int CmdLegicCalcCrc8(const char *Cmd){
 switch(param_getchar(Cmd, cmdp)) {
 case 'b':
 case 'B':
+ // it's possible for user to accidentally enter "b" parameter
+ // more than once - we have to clean previous malloc
+ if (data) free(data);
 data = malloc(len);
 if ( data == NULL ) {
 PrintAndLog("Can't allocate memory. exiting");
From e31a0f736ed6cedd58437e686f3ba651935df527 Mon Sep 17 00:00:00 2001
From: Alexis Green
Date: Tue, 2 Aug 2016 14:10:33 -0700
Subject: [PATCH 3/3] FIX: LEGIC - potential stack corruption calculating CRC from user input
---
 client/cmdhflegic.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)
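Review bot: The added `if (data) free(data);` in the `case 'b'` branch of CmdLegicCalcCrc8 (patch 2/3) is only safe if `data` is set to NULL where it is declared, and that declaration lies outside this hunk. If the pointer were uninitialised, the first `b` option would hand an indeterminate value to `free`, so the declaration is worth confirming as part of this fix. The guard itself is redundant, since `free(NULL)` is a no-op; `free(data);` alone is enough.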
diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c index d55ea98d8..916825812 100644 --- a/client/cmdhflegic.c +++ b/client/cmdhflegic.c @@ -570,23 +570,36 @@ int CmdLegicCalcCrc8(const char *Cmd){ uint8_t cmdp = 0, uidcrc = 0, type=0; bool errors = false; int len = 0; + int bg, en; while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { case 'b': case 'B': + // peek at length of the input string so we can + // figure out how many elements to malloc in "data" + bg=en=0; + param_getptr(Cmd, &bg, &en, cmdp+1); + len = (en - bg + 1); + + // check that user entered even number of characters + // for hex data string + if (len & 1) { + errors = true; + break; + } + // it's possible for user to accidentally enter "b" parameter // more than once - we have to clean previous malloc if (data) free(data); - data = malloc(len); + data = malloc(len >> 1); if ( data == NULL ) { PrintAndLog("Can't allocate memory. exiting"); errors = true; break; - } - param_gethex_ex(Cmd, cmdp+1, data, &len); - // if odd symbols, (hexbyte must be two symbols) - if ( len & 1 ) errors = true; + } + + param_gethex(Cmd, cmdp+1, data, len); len >>= 1; cmdp += 2;
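Review bot: The result of `param_gethex(Cmd, cmdp+1, data, len)` is discarded in the new `case 'b'` path, so an even-length argument containing a non-hex character could leave `data` (fresh from `malloc`, not zeroed) partly unwritten, and the CRC would then be computed over uninitialised heap bytes. Treat a failed conversion as an error, for example `if (param_gethex(Cmd, cmdp+1, data, len)) { errors = true; break; }`, assuming the helper returns non-zero on failure. The return value of `param_getptr` is also unchecked: a missing argument presumably reaches the odd-length branch only because `bg=en=0` makes `len` come out as 1, so an explicit `len <= 0` guard before `malloc(len >> 1)` would make that intent visible. The declaration of `data` and the function's error and cleanup path lie outside this hunk, so it cannot be confirmed here that the early `break` on odd length releases a buffer left by an earlier `b` option.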