]> cvs.zerfleddert.de Git - proxmark3-svn/commitdiff
lf t55 bruteforce lots of resource leaks...
authormarshmellow42 <marshmellowrf@gmail.com>
Sun, 14 Feb 2016 18:37:05 +0000 (13:37 -0500)
committermarshmellow42 <marshmellowrf@gmail.com>
Sun, 14 Feb 2016 18:37:05 +0000 (13:37 -0500)
plus strlen(Cmd) can never be less than 0
iceman1001 fixes...

client/cmdlft55xx.c
client/cmdlfviking.c

index 348cb229d062501ef269c9946faea68095bdfa7a..5d797edc58ff15f6954c8bd2471f1114b6f516f1 100644 (file)
@@ -1371,11 +1371,9 @@ int CmdT55xxBruteForce(const char *Cmd) {
        char buf[9];\r
        char filename[FILE_PATH_SIZE]={0};\r
        int keycnt = 0;\r
+       int ch;\r
        uint8_t stKeyBlock = 20;\r
-       uint8_t *keyBlock = NULL, *p;\r
-       keyBlock = calloc(stKeyBlock, 6);\r
-       if (keyBlock == NULL) return 1;\r
-\r
+       uint8_t *keyBlock = NULL, *p = NULL;\r
        uint32_t start_password = 0x00000000; //start password\r
        uint32_t end_password   = 0xFFFFFFFF; //end   password\r
        bool found = false;\r
@@ -1383,6 +1381,9 @@ int CmdT55xxBruteForce(const char *Cmd) {
        char cmdp = param_getchar(Cmd, 0);\r
        if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
 \r
+       keyBlock = calloc(stKeyBlock, 6);\r
+       if (keyBlock == NULL) return 1;\r
+\r
        if (cmdp == 'i' || cmdp == 'I') {\r
 \r
                int len = strlen(Cmd+2);\r
@@ -1417,6 +1418,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
                                if (!p) {\r
                                        PrintAndLog("Cannot allocate memory for defaultKeys");\r
                                        free(keyBlock);\r
+                                       fclose(f);\r
                                        return 2;\r
                                }\r
                                keyBlock = p;\r
@@ -1431,6 +1433,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
                \r
                if (keycnt == 0) {\r
                        PrintAndLog("No keys found in file");\r
+                       free(keyBlock);\r
                        return 1;\r
                }\r
                PrintAndLog("Loaded %d keys", keycnt);\r
@@ -1440,8 +1443,10 @@ int CmdT55xxBruteForce(const char *Cmd) {
                for (uint16_t c = 0; c < keycnt; ++c ) {\r
 \r
                        if (ukbhit()) {\r
-                               getchar();\r
+                               ch = getchar();\r
+                               (void)ch;\r
                                printf("\naborted via keyboard!\n");\r
+                               free(keyBlock);\r
                                return 0;\r
                        }\r
 \r
@@ -1451,6 +1456,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
 \r
                        if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
                                PrintAndLog("Aquireing data from device failed. Quitting");\r
+                               free(keyBlock);\r
                                return 0;\r
                        }\r
 \r
@@ -1458,10 +1464,12 @@ int CmdT55xxBruteForce(const char *Cmd) {
 \r
                        if ( found ) {\r
                                PrintAndLog("Found valid password: [%08X]", testpwd);\r
+                               free(keyBlock);\r
                                return 0;\r
                        }\r
                }\r
                PrintAndLog("Password NOT found.");\r
+               free(keyBlock);\r
                return 0;\r
        }\r
 \r
@@ -1471,8 +1479,10 @@ int CmdT55xxBruteForce(const char *Cmd) {
        start_password = param_get32ex(Cmd, 0, 0, 16);\r
        end_password = param_get32ex(Cmd, 1, 0, 16);\r
 \r
-       if ( start_password >= end_password ) return usage_t55xx_bruteforce();\r
-\r
+       if ( start_password >= end_password ) {\r
+               free(keyBlock);\r
+               return usage_t55xx_bruteforce();\r
+       }\r
        PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password);\r
 \r
        uint32_t i = start_password;\r
@@ -1482,13 +1492,16 @@ int CmdT55xxBruteForce(const char *Cmd) {
                printf(".");\r
                fflush(stdout);\r
                if (ukbhit()) {\r
-                       getchar();\r
+                       ch = getchar();\r
+                       (void)ch;\r
                        printf("\naborted via keyboard!\n");\r
+                       free(keyBlock);\r
                        return 0;\r
                }\r
 \r
                if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
                        PrintAndLog("Aquireing data from device failed. Quitting");\r
+                       free(keyBlock);\r
                        return 0;\r
                }\r
                found = tryDetectModulation();\r
@@ -1503,6 +1516,8 @@ int CmdT55xxBruteForce(const char *Cmd) {
                PrintAndLog("Found valid password: [%08x]", i);\r
        else\r
                PrintAndLog("Password NOT found. Last tried: [%08x]", --i);\r
+\r
+       free(keyBlock);\r
        return 0;\r
 }\r
 \r
index 8c0656d2b31be6a9590e7161d4f77aba901df0b2..5c0e590c224c36b991d2cfbc720e91783908ec38 100644 (file)
@@ -66,7 +66,7 @@ int CmdVikingClone(const char *Cmd) {
        uint64_t rawID = 0;
        bool Q5 = false;
        char cmdp = param_getchar(Cmd, 0);
-       if (strlen(Cmd) < 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_viking_clone();
+       if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_viking_clone();
 
        id = param_get32ex(Cmd, 0, 0, 16);
        if (id == 0) return usage_lf_viking_clone();
@@ -74,8 +74,8 @@ int CmdVikingClone(const char *Cmd) {
                Q5 = true;
 
        rawID = getVikingBits(id);
-       PrintAndLog("Cloning - ID: %08X, Raw: %08X%08X",id,(uint32_t)(rawID >> 32),(uint32_t) (rawID & 0xFFFFFFFF));
-       UsbCommand c = {CMD_VIKING_CLONE_TAG,{rawID >> 32, rawID & 0xFFFFFFFF, Q5}};
+
+       UsbCommand c = {CMD_VIKING_CLONE_TAG,{rawID >> 32, rawID & 0xFFFF, Q5}};
        clearCommandBuffer();
        SendCommand(&c);
        //check for ACK
@@ -89,7 +89,7 @@ int CmdVikingSim(const char *Cmd) {
        uint8_t clk = 32, encoding = 1, separator = 0, invert = 0;
        char cmdp = param_getchar(Cmd, 0);
 
-       if (strlen(Cmd) < 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_viking_sim();
+       if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_viking_sim();
        id = param_get32ex(Cmd, 0, 0, 16);
        if (id == 0) return usage_lf_viking_sim();
 
Impressum, Datenschutz