]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdhflegic.c
Coverity Scan 133850, need to ask @jason about this one.
[proxmark3-svn] / client / cmdhflegic.c
index ec870b901d01553237b2aabb42323177846ee307..67085f8e5c02581abef45ee00c2b13c7918c5299 100644 (file)
@@ -297,7 +297,7 @@ int CmdLegicDecode(const char *Cmd) {
                        i = 8;
 
                        wrp          = data_buf[7] & 0x0F;
-                       wrc          = (data_buf[7] & 0x07) >> 4;
+                       wrc          = (data_buf[7] & 0x07) >> 4; // ICEMAN 20160802, this will always be ZERO
 
                        bool hasWRC = (wrc > 0);
                        bool hasWRP = (wrp > wrc);
@@ -527,8 +527,7 @@ int CmdLegicRfRawWrite(const char *Cmd) {
                PrintAndLog("# changing the DCF is irreversible  #");
                PrintAndLog("#####################################");
                PrintAndLog("do youe really want to continue? y(es) n(o)");             
-               scanf(" %c", &answer);
-               if (answer == 'y' || answer == 'Y') {
+               if (scanf(" %c", &answer) > 0 && (answer == 'y' || answer == 'Y')) {
                        SendCommand(&c);
                        return 0;
                }
@@ -567,24 +566,46 @@ int CmdLegicRfFill(const char *Cmd) {
 
 int CmdLegicCalcCrc8(const char *Cmd){
 
-       uint8_t *data;
+       uint8_t *data = NULL;
        uint8_t cmdp = 0, uidcrc = 0, type=0;
        bool errors = false;
        int len = 0;
+       int bg, en;
        
        while(param_getchar(Cmd, cmdp) != 0x00) {
                switch(param_getchar(Cmd, cmdp)) {
                case 'b':
                case 'B':
-                       data = malloc(len);
+                       // peek at length of the input string so we can
+                       // figure out how many elements to malloc in "data"
+                       bg=en=0;
+                       if (param_getptr(Cmd, &bg, &en, cmdp+1)) {
+                               errors = true;
+                               break;
+                       }
+                       len = (en - bg + 1);
+
+                       // check that user entered even number of characters
+                       // for hex data string
+                       if (len & 1) {
+                               errors = true;
+                               break;
+                       }
+
+                       // it's possible for user to accidentally enter "b" parameter
+                       // more than once - we have to clean previous malloc
+                       if (data) free(data);
+                       data = malloc(len >> 1);
                        if ( data == NULL ) {
                                PrintAndLog("Can't allocate memory. exiting");
                                errors = true;
                                break;
-                       }                       
-                       param_gethex_ex(Cmd, cmdp+1, data, &len);
-                       // if odd symbols, (hexbyte must be two symbols)
-                       if ( len & 1 ) errors = true;
+                       }
+                       
+                       if (param_gethex(Cmd, cmdp+1, data, len)) {
+                               errors = true;
+                               break;
+                       }
 
                        len >>= 1;      
                        cmdp += 2;
@@ -612,7 +633,7 @@ int CmdLegicCalcCrc8(const char *Cmd){
        }
        //Validations
        if (errors){
-               if (data != NULL) free(data);
+               if (data) free(data);
                return usage_legic_calccrc8();
        }
        
@@ -625,7 +646,7 @@ int CmdLegicCalcCrc8(const char *Cmd){
                        break;
        }
        
-       if (data != NULL) free(data);
+       if (data) free(data);
        return 0;
 } 
  
Impressum, Datenschutz