RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-04-24 01:09:22 +08:00
Code Issues Projects Releases Packages Wiki Activity

FIX: LEGIC - potential stack corruption calculating CRC from user input

Browse source
This commit is contained in:
Alexis Green 2016-08-02 14:10:33 -07:00
parent 0892708119
commit e31a0f736e
1 changed files with 18 additions and 5 deletions

21
client/cmdhflegic.c
View file

@ -570,23 +570,36 @@ int CmdLegicCalcCrc8(const char *Cmd){
uint8_t cmdp = 0, uidcrc = 0, type=0; uint8_t cmdp = 0, uidcrc = 0, type=0;
bool errors = false; bool errors = false;
int len = 0; int len = 0;
int bg, en;
while(param_getchar(Cmd, cmdp) != 0x00) { while(param_getchar(Cmd, cmdp) != 0x00) {
switch(param_getchar(Cmd, cmdp)) { switch(param_getchar(Cmd, cmdp)) {
case 'b': case 'b':
case 'B': case 'B':
// peek at length of the input string so we can
// figure out how many elements to malloc in "data"
bg=en=0;
param_getptr(Cmd, &bg, &en, cmdp+1);
len = (en - bg + 1);
// check that user entered even number of characters
// for hex data string
if (len & 1) {
errors = true;
break;
}
// it's possible for user to accidentally enter "b" parameter // it's possible for user to accidentally enter "b" parameter
// more than once - we have to clean previous malloc // more than once - we have to clean previous malloc
if (data) free(data); if (data) free(data);
data = malloc(len); data = malloc(len >> 1);
if ( data == NULL ) { if ( data == NULL ) {
PrintAndLog("Can't allocate memory. exiting"); PrintAndLog("Can't allocate memory. exiting");
errors = true; errors = true;
break; break;
} }
param_gethex_ex(Cmd, cmdp+1, data, &len);
// if odd symbols, (hexbyte must be two symbols) param_gethex(Cmd, cmdp+1, data, len);
if ( len & 1 ) errors = true;
len >>= 1; len >>= 1;
cmdp += 2; cmdp += 2;