mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-01-07 16:48:15 +08:00
FIX: ELOAD/ESAVE/CLOAD/CSAVE filename bufferoverflow, and filename generation if UID not readable.
Thanks @p-l-
ref: 0b14440dce
This commit is contained in:
parent
ce432659f2
commit
d23f3f2c9a
1 changed files with 18 additions and 13 deletions
|
@ -1200,9 +1200,9 @@ int CmdHF14AMfELoad(const char *Cmd)
|
||||||
|
|
||||||
len = param_getstr(Cmd,nameParamNo,filename);
|
len = param_getstr(Cmd,nameParamNo,filename);
|
||||||
|
|
||||||
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
|
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;
|
||||||
|
|
||||||
fnameptr += len-4;
|
fnameptr += len;
|
||||||
|
|
||||||
sprintf(fnameptr, ".eml");
|
sprintf(fnameptr, ".eml");
|
||||||
|
|
||||||
|
@ -1299,19 +1299,22 @@ int CmdHF14AMfESave(const char *Cmd)
|
||||||
|
|
||||||
len = param_getstr(Cmd,nameParamNo,filename);
|
len = param_getstr(Cmd,nameParamNo,filename);
|
||||||
|
|
||||||
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
|
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;
|
||||||
|
|
||||||
// user supplied filename?
|
// user supplied filename?
|
||||||
if (len < 1) {
|
if (len < 1) {
|
||||||
// get filename (UID from memory)
|
// get filename (UID from memory)
|
||||||
if (mfEmlGetMem(buf, 0, 1)) {
|
if (mfEmlGetMem(buf, 0, 1)) {
|
||||||
PrintAndLog("Can\'t get UID from block: %d", 0);
|
PrintAndLog("Can\'t get UID from block: %d", 0);
|
||||||
sprintf(filename, "dump.eml");
|
len = sprintf(fnameptr, "dump");
|
||||||
|
fnameptr += len;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
for (j = 0; j < 7; j++, fnameptr += 2)
|
||||||
|
sprintf(fnameptr, "%02X", buf[j]);
|
||||||
}
|
}
|
||||||
for (j = 0; j < 7; j++, fnameptr += 2)
|
|
||||||
sprintf(fnameptr, "%02X", buf[j]);
|
|
||||||
} else {
|
} else {
|
||||||
fnameptr += len-4;
|
fnameptr += len;
|
||||||
}
|
}
|
||||||
|
|
||||||
// add file extension
|
// add file extension
|
||||||
|
@ -1572,10 +1575,10 @@ int CmdHF14AMfCLoad(const char *Cmd)
|
||||||
return 0;
|
return 0;
|
||||||
} else {
|
} else {
|
||||||
len = strlen(Cmd);
|
len = strlen(Cmd);
|
||||||
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
|
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;
|
||||||
|
|
||||||
memcpy(filename, Cmd, len);
|
memcpy(filename, Cmd, len);
|
||||||
fnameptr += len-4;
|
fnameptr += len;
|
||||||
|
|
||||||
sprintf(fnameptr, ".eml");
|
sprintf(fnameptr, ".eml");
|
||||||
|
|
||||||
|
@ -1742,16 +1745,18 @@ int CmdHF14AMfCSave(const char *Cmd) {
|
||||||
return 0;
|
return 0;
|
||||||
} else {
|
} else {
|
||||||
len = strlen(Cmd);
|
len = strlen(Cmd);
|
||||||
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
|
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;
|
||||||
|
|
||||||
if (len < 1) {
|
if (len < 1) {
|
||||||
// get filename
|
// get filename
|
||||||
if (mfCGetBlock(0, buf, CSETBLOCK_SINGLE_OPER)) {
|
if (mfCGetBlock(0, buf, CSETBLOCK_SINGLE_OPER)) {
|
||||||
PrintAndLog("Cant get block: %d", 0);
|
PrintAndLog("Cant get block: %d", 0);
|
||||||
return 1;
|
len = sprintf(fnameptr, "dump");
|
||||||
|
fnameptr += len;
|
||||||
|
} else {
|
||||||
|
for (j = 0; j < 7; j++, fnameptr += 2)
|
||||||
|
sprintf(fnameptr, "%02x", buf[j]);
|
||||||
}
|
}
|
||||||
for (j = 0; j < 7; j++, fnameptr += 2)
|
|
||||||
sprintf(fnameptr, "%02x", buf[j]);
|
|
||||||
} else {
|
} else {
|
||||||
memcpy(filename, Cmd, len);
|
memcpy(filename, Cmd, len);
|
||||||
fnameptr += len;
|
fnameptr += len;
|
||||||
|
|
Loading…
Reference in a new issue