mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-01-05 23:52:27 +08:00
FIX: ELOAD/ESAVE/CLOAD/CSAVE filename bufferoverflow, and filename generation if UID not readable.
Thanks @p-l-
ref: 0b14440dce
This commit is contained in:
parent
ce432659f2
commit
d23f3f2c9a
1 changed files with 18 additions and 13 deletions
|
@ -1200,9 +1200,9 @@ int CmdHF14AMfELoad(const char *Cmd)
|
|||
|
||||
len = param_getstr(Cmd,nameParamNo,filename);
|
||||
|
||||
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
|
||||
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;
|
||||
|
||||
fnameptr += len-4;
|
||||
fnameptr += len;
|
||||
|
||||
sprintf(fnameptr, ".eml");
|
||||
|
||||
|
@ -1299,19 +1299,22 @@ int CmdHF14AMfESave(const char *Cmd)
|
|||
|
||||
len = param_getstr(Cmd,nameParamNo,filename);
|
||||
|
||||
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
|
||||
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;
|
||||
|
||||
// user supplied filename?
|
||||
if (len < 1) {
|
||||
// get filename (UID from memory)
|
||||
if (mfEmlGetMem(buf, 0, 1)) {
|
||||
PrintAndLog("Can\'t get UID from block: %d", 0);
|
||||
sprintf(filename, "dump.eml");
|
||||
len = sprintf(fnameptr, "dump");
|
||||
fnameptr += len;
|
||||
}
|
||||
else {
|
||||
for (j = 0; j < 7; j++, fnameptr += 2)
|
||||
sprintf(fnameptr, "%02X", buf[j]);
|
||||
}
|
||||
for (j = 0; j < 7; j++, fnameptr += 2)
|
||||
sprintf(fnameptr, "%02X", buf[j]);
|
||||
} else {
|
||||
fnameptr += len-4;
|
||||
fnameptr += len;
|
||||
}
|
||||
|
||||
// add file extension
|
||||
|
@ -1572,10 +1575,10 @@ int CmdHF14AMfCLoad(const char *Cmd)
|
|||
return 0;
|
||||
} else {
|
||||
len = strlen(Cmd);
|
||||
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
|
||||
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;
|
||||
|
||||
memcpy(filename, Cmd, len);
|
||||
fnameptr += len-4;
|
||||
fnameptr += len;
|
||||
|
||||
sprintf(fnameptr, ".eml");
|
||||
|
||||
|
@ -1742,16 +1745,18 @@ int CmdHF14AMfCSave(const char *Cmd) {
|
|||
return 0;
|
||||
} else {
|
||||
len = strlen(Cmd);
|
||||
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
|
||||
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;
|
||||
|
||||
if (len < 1) {
|
||||
// get filename
|
||||
if (mfCGetBlock(0, buf, CSETBLOCK_SINGLE_OPER)) {
|
||||
PrintAndLog("Cant get block: %d", 0);
|
||||
return 1;
|
||||
len = sprintf(fnameptr, "dump");
|
||||
fnameptr += len;
|
||||
} else {
|
||||
for (j = 0; j < 7; j++, fnameptr += 2)
|
||||
sprintf(fnameptr, "%02x", buf[j]);
|
||||
}
|
||||
for (j = 0; j < 7; j++, fnameptr += 2)
|
||||
sprintf(fnameptr, "%02x", buf[j]);
|
||||
} else {
|
||||
memcpy(filename, Cmd, len);
|
||||
fnameptr += len;
|
||||
|
|
Loading…
Reference in a new issue