FIX: ELOAD/ESAVE/CLOAD/CSAVE filename bufferoverflow, and filename generation if UID not readable.

Thanks @p-l-
ref: 0b14440dce
iceman1001 2015-05-24 21:50:15 +02:00
parent ce432659f2
commit d23f3f2c9a


@ -1200,9 +1200,9 @@ int CmdHF14AMfELoad(const char *Cmd)
len = param_getstr(Cmd,nameParamNo,filename); len = param_getstr(Cmd,nameParamNo,filename);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;
fnameptr += len-4; fnameptr += len;
sprintf(fnameptr, ".eml"); sprintf(fnameptr, ".eml");
@ -1299,19 +1299,22 @@ int CmdHF14AMfESave(const char *Cmd)
len = param_getstr(Cmd,nameParamNo,filename); len = param_getstr(Cmd,nameParamNo,filename);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;
// user supplied filename? // user supplied filename?
if (len < 1) { if (len < 1) {
// get filename (UID from memory) // get filename (UID from memory)
if (mfEmlGetMem(buf, 0, 1)) { if (mfEmlGetMem(buf, 0, 1)) {
PrintAndLog("Can\'t get UID from block: %d", 0); PrintAndLog("Can\'t get UID from block: %d", 0);
sprintf(filename, "dump.eml"); len = sprintf(fnameptr, "dump");
fnameptr += len;
} }
else {
for (j = 0; j < 7; j++, fnameptr += 2) for (j = 0; j < 7; j++, fnameptr += 2)
sprintf(fnameptr, "%02X", buf[j]); sprintf(fnameptr, "%02X", buf[j]);
}
} else { } else {
fnameptr += len-4; fnameptr += len;
} }
// add file extension // add file extension
@ -1572,10 +1575,10 @@ int CmdHF14AMfCLoad(const char *Cmd)
return 0; return 0;
} else { } else {
len = strlen(Cmd); len = strlen(Cmd);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;
memcpy(filename, Cmd, len); memcpy(filename, Cmd, len);
fnameptr += len-4; fnameptr += len;
sprintf(fnameptr, ".eml"); sprintf(fnameptr, ".eml");
@ -1742,16 +1745,18 @@ int CmdHF14AMfCSave(const char *Cmd) {
return 0; return 0;
} else { } else {
len = strlen(Cmd); len = strlen(Cmd);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;
if (len < 1) { if (len < 1) {
// get filename // get filename
if (mfCGetBlock(0, buf, CSETBLOCK_SINGLE_OPER)) { if (mfCGetBlock(0, buf, CSETBLOCK_SINGLE_OPER)) {
PrintAndLog("Cant get block: %d", 0); PrintAndLog("Cant get block: %d", 0);
return 1; len = sprintf(fnameptr, "dump");
} fnameptr += len;
} else {
for (j = 0; j < 7; j++, fnameptr += 2) for (j = 0; j < 7; j++, fnameptr += 2)
sprintf(fnameptr, "%02x", buf[j]); sprintf(fnameptr, "%02x", buf[j]);
}
} else { } else {
memcpy(filename, Cmd, len); memcpy(filename, Cmd, len);
fnameptr += len; fnameptr += len;
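Review bot: The new clamp `if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;` in all four commands (ELoad, ESave, CLoad, CSave) still tests against `FILE_PATH_SIZE`, so a length from `FILE_PATH_SIZE - 3` up to `FILE_PATH_SIZE` is not reduced, and `sprintf(fnameptr, ".eml")` then writes five bytes (four characters plus the terminator) starting at `filename + len`. Assuming `filename` is declared with `FILE_PATH_SIZE` bytes (the declaration is outside the hunks), the test and the limit should match and reserve all five bytes: `if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;`. In ELoad and ESave the clamp also runs after `param_getstr(Cmd,nameParamNo,filename)` has already copied the argument, and that call passes no size, so unless param_getstr bounds the copy itself the length has to be checked before the copy rather than after it. Each function body starts and ends outside its hunk, so the buffer declarations and the final `.eml` append in ESave and CSave should be checked against the same bound.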