Coverity Scan 133850, need to ask @jason about this one.

[proxmark3-svn] / client / cmdhflegic.c

diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c
index 731cead1097a5f80b0c56c104bfe81346b75b702..67085f8e5c02581abef45ee00c2b13c7918c5299 100644 (file)
--- a/client/cmdhflegic.c
+++ b/client/cmdhflegic.c
@@ -297,7 +297,7 @@ int CmdLegicDecode(const char *Cmd) {
                        i = 8;
 
                        wrp          = data_buf[7] & 0x0F;
                        i = 8;
 
                        wrp          = data_buf[7] & 0x0F;

-                       wrc          = (data_buf[7] & 0x07) >> 4;
+                       wrc          = (data_buf[7] & 0x07) >> 4; // ICEMAN 20160802, this will always be ZERO

 
                        bool hasWRC = (wrc > 0);
                        bool hasWRP = (wrp > wrc);
 
                        bool hasWRC = (wrc > 0);
                        bool hasWRP = (wrp > wrc);


@@ -570,20 +570,42 @@ int CmdLegicCalcCrc8(const char *Cmd){
        uint8_t cmdp = 0, uidcrc = 0, type=0;
        bool errors = false;
        int len = 0;
        uint8_t cmdp = 0, uidcrc = 0, type=0;
        bool errors = false;
        int len = 0;

+       int bg, en;

        
        while(param_getchar(Cmd, cmdp) != 0x00) {
                switch(param_getchar(Cmd, cmdp)) {
                case 'b':
                case 'B':
        
        while(param_getchar(Cmd, cmdp) != 0x00) {
                switch(param_getchar(Cmd, cmdp)) {
                case 'b':
                case 'B':

-                       data = malloc(len);
+                       // peek at length of the input string so we can
+                       // figure out how many elements to malloc in "data"
+                       bg=en=0;
+                       if (param_getptr(Cmd, &bg, &en, cmdp+1)) {
+                               errors = true;
+                               break;
+                       }
+                       len = (en - bg + 1);
+
+                       // check that user entered even number of characters
+                       // for hex data string
+                       if (len & 1) {
+                               errors = true;
+                               break;
+                       }
+
+                       // it's possible for user to accidentally enter "b" parameter
+                       // more than once - we have to clean previous malloc
+                       if (data) free(data);
+                       data = malloc(len >> 1);

                        if ( data == NULL ) {
                                PrintAndLog("Can't allocate memory. exiting");
                                errors = true;
                                break;
                        if ( data == NULL ) {
                                PrintAndLog("Can't allocate memory. exiting");
                                errors = true;
                                break;

-                       }                       
-                       param_gethex_ex(Cmd, cmdp+1, data, &len);
-                       // if odd symbols, (hexbyte must be two symbols)
-                       if ( len & 1 ) errors = true;
+                       }
+                       
+                       if (param_gethex(Cmd, cmdp+1, data, len)) {
+                               errors = true;
+                               break;
+                       }

 
                        len >>= 1;      
                        cmdp += 2;
 
                        len >>= 1;      
                        cmdp += 2;