FIX: coverty scan reveals some resourceleaks and overruns, which is supposed to be fixed now.

/armsrc/des.c overflow 7 instead of 6 /client/cmdlfhitag.c overflows traclen /client/util.c sprint_bin_break overflows. /client/cmdhficlass.c need to free memory after malloc. ADD: RotateRight macro in util.h
2024-09-20 15:26:13 +08:00 · 2016-01-08 14:25:10 +01:00 · 2016-01-08 14:25:10 +01:00 · ab7bb49475
parent b64712d7f9
commit ab7bb49475
5 changed files with 10 additions and 7 deletions
--- a/armsrc/des.c
+++ b/armsrc/des.c
@ -274,7 +274,7 @@ uint32_t des_f(uint32_t r, uint8_t* kr){
 	uint64_t data;
 	uint8_t *sbp; /* sboxpointer */ 
 	permute((uint8_t*)e_permtab, (uint8_t*)&r, (uint8_t*)&data);
-	for(i=0; i<7; ++i)
+	for(i=0; i<6; ++i)
 		((uint8_t*)&data)[i] ^= kr[i];
 	
 	/* Sbox substitution */
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@ -409,6 +409,7 @@ int CmdHFiClassDecrypt(const char *Cmd) {

 	saveFile(outfilename,"bin", decrypted, blocknum*8);

+	free(decrypted);
 	return 0;
 }

--- a/client/cmdlfhitag.c
+++ b/client/cmdlfhitag.c
@ -71,7 +71,7 @@ int CmdLFHitagList(const char *Cmd)

 	for (;;) {
  
-		if(i > traceLen) { break; }
+		if(i >= traceLen) { break; }

 		bool isResponse;
 		int timestamp = *((uint32_t *)(got+i));
--- a/client/util.c
+++ b/client/util.c
@ -137,7 +137,7 @@ char *sprint_bin_break(const uint8_t *data, const size_t len, const uint8_t brea

 	size_t in_index = 0;
 	// loop through the out_index to make sure we don't go too far
-	for (size_t out_index=0; out_index < max_len; out_index++) {
+	for (size_t out_index=0; out_index < max_len-2; out_index++) {
 		// set character
 		sprintf(tmp++, "%u", data[in_index]);
 		// check if a line break is needed and we have room to print it in our array
@ -463,11 +463,9 @@ void binarraytobinstring(char *target, char *source,  int length)
 uint8_t GetParity( uint8_t *bits, uint8_t type, int length)
 {
    int x;
-
-    for(x= 0 ; length > 0 ; --length)
+    for( x = 0 ; length > 0 ; --length)
        x += bits[length - 1];
    x %= 2;
-
    return x ^ type;
 }

@ -503,7 +501,8 @@ uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits) {
 	return tmp;
 }

-// RotateLeft - Ultralight, Desfire
+// RotateLeft - Ultralight, Desfire, works on byte level
+// 00-01-02  >> 01-02-00
 void rol(uint8_t *data, const size_t len){
    uint8_t first = data[0];
    for (size_t i = 0; i < len-1; i++) {
--- a/client/util.h
+++ b/client/util.h
@ -17,6 +17,9 @@
 #include <time.h>
 #include "data.h"

+#ifndef ROTR
+# define ROTR(x,n) (((uintmax_t)(x) >> (n)) | ((uintmax_t)(x) << ((sizeof(x) * 8) - (n))))
+#endif
 #ifndef MIN
 # define MIN(a, b) (((a) < (b)) ? (a) : (b))
 #endif