FIX: coverty scan, resourceleak in "hf mf sniff", added call to 'free' befor return.

FIX: coverty scan, overflow in "hf 14a raw",  added an extra len check against USB_CMD_DATA_SIZE

client/cmdhf14a.c

@@ -731,8 +731,10 @@ int CmdHF14ACmdRaw(const char *cmd) {
 
 	if(topazmode)
 		c.arg[0] |= ISO14A_TOPAZMODE;
-		
+			
 	// Max buffer is USB_CMD_DATA_SIZE
+	datalen = (datalen > USB_CMD_DATA_SIZE) ? USB_CMD_DATA_SIZE : datalen;
+		
     c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
     memcpy(c.d.asBytes,data,datalen);
 

client/cmdhfmf.c

@@ -2027,7 +2027,10 @@ int CmdHF14AMfSniff(const char *Cmd){
 			uint16_t traceLen = resp.arg[1];
 			len = resp.arg[2];
 
-			if (res == 0) return 0;						// we are done
+			if (res == 0) {
+				free(buf);
+				return 0;						// we are done
+			}
 
 			if (res == 1) {								// there is (more) data to be transferred
 				if (pckNum == 0) {						// first packet, (re)allocate necessary buffer