From e1ad67eaf252b9cf0e0aef9f02c13ce74d6ae546 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Sat, 16 Jan 2016 22:58:44 +0100
Subject: [PATCH 1/1] FIX: Coverity Scan fixes, a bunch of them.
---
 client/cmdhflegic.c | 2 +-
 client/cmdhftopaz.c | 5 +++--
 client/cmdlfhid.c | 24 ++++++++----------------
 client/cmdlft55xx.c | 4 ----
 client/cmdlfti.c | 9 +++++----
 client/reveng/model.c | 9 +++++++--
 client/reveng/reveng.c | 4 +++-
 7 files changed, 27 insertions(+), 30 deletions(-)
diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c
index 4e52c35c..8da1d8ea 100644
--- a/client/cmdhflegic.c
+++ b/client/cmdhflegic.c
@@ -58,7 +58,7 @@ int CmdLegicDecode(const char *Cmd)
 int crc = 0;
 int wrp = 0;
 int wrc = 0;
- uint8_t data_buf[1052]; // receiver buffer
+ uint8_t data_buf[1053]; // receiver buffer
 char out_string[3076]; // just use big buffer - bad practice
 char token_type[4];
diff --git a/client/cmdhftopaz.c b/client/cmdhftopaz.c
index 466af7c0..271f41b0 100644
--- a/client/cmdhftopaz.c
+++ b/client/cmdhftopaz.c
@@ -396,8 +396,9 @@ static command_t CommandTable[] =
 int CmdHFTopaz(const char *Cmd) {
 // flush
- WaitForResponseTimeout(CMD_ACK,NULL,100);
-
+ //WaitForResponseTimeout(CMD_ACK,NULL,100);
+ clearCommandBuffer();
+
 // parse
 CmdsParse(CommandTable, Cmd);
 return 0;
diff --git a/client/cmdlfhid.c b/client/cmdlfhid.c
index 02c2fdb7..85d72b67 100644
--- a/client/cmdlfhid.c
+++ b/client/cmdlfhid.c
@@ -166,12 +166,11 @@ static void getParity34(uint32_t *hi, uint32_t *lo){
 *lo |= !result;
 }
-static void getParity35(uint32_t *hi, uint32_t *lo){
- *hi = *hi;
+static void getParity35(uint32_t *hi, uint32_t *lo){
 }
 static void getParity37S(uint32_t *hi,uint32_t *lo){
 uint32_t result = 0;
- uint8_t i;
+ int i;
 // even parity
 for (i = 4; i >= 0; i--)
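Review bot: In client/cmdhflegic.c the receive buffer of CmdLegicDecode is resized from 1052 to 1053 with a bare literal, and the hunk does not show which read or index needed the extra byte. If this closes an off-by-one reported by the scanner, the declaration and the code that fills and walks `data_buf` should share one named constant so the two cannot drift apart again. At minimum the comment should say where the number comes from, e.g. `uint8_t data_buf[1053]; // receiver buffer: largest index read below is 1052`. That index is inferred from the size change alone and needs checking against the rest of the function, which lies outside the hunk.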
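Review bot: In client/cmdhftopaz.c the replaced call is left behind in CmdHFTopaz as commented-out code; delete it and let the comment say what the new call is for, e.g. `clearCommandBuffer(); // discard replies left over from earlier commands`. The two calls are also not obviously equivalent: the old one waited (timeout argument 100) for a pending CMD_ACK, while clearCommandBuffer(), judging by its name, only drops what is already queued. If a late reply from a previous command can still arrive after the flush, the next Topaz subcommand could take it for its own answer, so that is worth confirming.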
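Review bot: In client/cmdlfhid.c getParity35 is now an empty function, so for the 35-bit format `hi` and `lo` come back without parity bits, whereas getParity34 above visibly ends by setting one (`*lo |= !result;`). Dropping the self-assignment quiets the checker but leaves a silent stub. Either implement the parity or mark the gap, e.g. `/* TODO: 35-bit parity not implemented, hi/lo are left unchanged */`, and consider refusing format length 35 in callers until it exists. getParity37S continues past the end of the hunk.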
@@ -295,7 +294,7 @@ int CmdHIDWiegand(const char *Cmd) {
 uint64_t cardnum = 0;
 uint8_t ctmp = param_getchar(Cmd, 0);
- if ( strlen(Cmd) < 0 || strlen(Cmd) < 3 || ctmp == 'H' || ctmp == 'h' ) return usage_lf_hid_wiegand();
+ if ( strlen(Cmd) == 0 || strlen(Cmd) < 3 || ctmp == 'H' || ctmp == 'h' ) return usage_lf_hid_wiegand();
 oem = param_get8(Cmd, 0);
 fc = param_get32ex(Cmd, 1, 0, 10);
@@ -311,7 +310,7 @@ int CmdHIDWiegand(const char *Cmd) {
 int CmdHIDBrute(const char *Cmd){
- bool error = FALSE;
+ bool error = TRUE;
 uint8_t fc = 0, fmtlen = 0;
 uint32_t hi = 0, lo = 0;
@@ -321,20 +320,13 @@ int CmdHIDBrute(const char *Cmd){
 if (strlen(Cmd) > 2 || strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_hid_brute();
 fmtlen = param_get8(Cmd, 0);
- switch(fmtlen){
- case 26:
- case 33:
- case 34:
- case 35:
- case 37: {
+ uint8_t ftms[] = {26,33,34,35,37};
+ for ( uint8_t i = 0; i < sizeof(ftms); i++){
+ if ( ftms[i] == fmtlen ) {
 error = FALSE;
- break;
- }
- default: {
- error = TRUE;
- break;
 }
 }
+
 if ( error ) return usage_lf_hid_brute();
 fc = param_get8(Cmd, 1);
diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c
index e10b24d0..b26973e6 100644
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@@ -1454,7 +1454,6 @@ int CmdT55xxBruteForce(const char *Cmd) {
 getchar();
 printf("\naborted via keyboard!\n");
 free(keyBlock);
- free(p);
 return 0;
 }
@@ -1466,7 +1465,6 @@ int CmdT55xxBruteForce(const char *Cmd) {
 if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {
 PrintAndLog("Aquireing data from device failed. Quitting");
 free(keyBlock);
- free(p);
 return 0;
 }
@@ -1475,13 +1473,11 @@ int CmdT55xxBruteForce(const char *Cmd) {
 if ( found ) {
 PrintAndLog("Found valid password: [%08X]", testpwd);
 free(keyBlock);
- free(p);
 return 0;
 }
 }
 PrintAndLog("Password NOT found.");
 free(keyBlock);
- free(p);
 return 0;
 }
diff --git a/client/cmdlfti.c b/client/cmdlfti.c
index 7b032840..66b2cd8b 100644
--- a/client/cmdlfti.c
+++ b/client/cmdlfti.c
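Review bot: In CmdHIDWiegand (client/cmdlfhid.c) the new `strlen(Cmd) == 0` test is redundant, because an empty string already satisfies `strlen(Cmd) < 3`. The condition can be reduced to `if ( strlen(Cmd) < 3 || ctmp == 'H' || ctmp == 'h' ) return usage_lf_hid_wiegand();`. Note also that `param_getchar(Cmd, 0)` runs before any length check; whether it tolerates an empty string is not visible in the hunk.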
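Review bot: In CmdHIDBrute (client/cmdlfhid.c) the loop bound `sizeof(ftms)` is a byte count that equals the element count only while `ftms` is an array of `uint8_t`, and the loop keeps scanning after a match. Prefer `static const uint8_t ftms[] = {26,33,34,35,37};` with `for ( size_t i = 0; i < sizeof(ftms)/sizeof(ftms[0]); i++ )` and a `break;` after `error = FALSE;`. Separately, the unchanged guard at the top of the hunk returns usage when `strlen(Cmd) > 2`, yet two parameters are parsed afterwards (`param_get8(Cmd, 0)` and `param_get8(Cmd, 1)`), which a string of at most two characters can hardly hold; the comparison looks inverted and should be checked. The function continues outside the hunk.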
@@ -280,11 +280,12 @@ int CmdTIWrite(const char *Cmd)
 res = sscanf(Cmd, "%012"llx" %012"llx" %012"llx"", &c.arg[0], &c.arg[1], &c.arg[2]);
 if (res == 2) c.arg[2]=0;
- if (res < 2)
+ if (res < 2) {
 PrintAndLog("Please specify the data as two hex strings, optionally the CRC as a third");
- else
- clearCommandBuffer();
- SendCommand(&c);
+ return 1;
+ }
+ clearCommandBuffer();
+ SendCommand(&c);
 return 0;
 }
diff --git a/client/reveng/model.c b/client/reveng/model.c
index 2d45b2fe..6b346d35 100644
--- a/client/reveng/model.c
+++ b/client/reveng/model.c
@@ -592,8 +592,10 @@ mbynam(model_t *dest, const char *key) {
 if(!aliases->name) return(-1);
- if(!(ukey = malloc((size_t) 1 + strlen(key))))
+ if(!(ukey = malloc((size_t) 1 + strlen(key)))) {
 uerror("cannot allocate memory for comparison string");
+ return(0);
+ }
 akey.name = uptr = ukey;
 do *uptr++ = toupper(*key);
@@ -713,12 +715,15 @@ mtostr(const model_t *model) {
 void mmatch(model_t *model, int flags) {
+
+ if(!model) return;
+
 /* searches models[] for a model matching the argument, and links a name if found * if flags & M_OVERWR, copies the found model onto the argument. */
 model_t *mptr;
- if(!model) return;
 mptr = bsearch(model, models, NPRESETS, sizeof(model_t), (int (*)(const void *, const void *)) &mcmp);
+
 if(mptr) {
 model->name = mptr->name;
 if(flags & M_OVERWR)
diff --git a/client/reveng/reveng.c b/client/reveng/reveng.c
index dd50987c..5cda62d1 100644
--- a/client/reveng/reveng.c
+++ b/client/reveng/reveng.c
@@ -141,8 +141,10 @@ reveng(const model_t *guess, const poly_t qpoly, int rflags, int args, const pol
 engini(&resc, &result, guess->spoly, guess->flags, args, argpolys);
 requit:
- if(!(result = realloc(result, ++resc * sizeof(model_t))))
+ if(!(result = realloc(result, ++resc * sizeof(model_t)))) {
 uerror("cannot reallocate result array");
+ return NULL;
+ }
 rptr = result + resc - 1;
 rptr->spoly = pzero;
 rptr->init = pzero;
-- 
2.39.5
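Review bot: In mbynam (client/reveng/model.c) the new allocation-failure path returns 0, while the guard directly above it returns -1 for a different failure, so a caller cannot tell an out-of-memory condition from whatever an ordinary 0 result means (the normal returns are outside the hunk). Unless 0 is already the documented error value, return a negative code here as well, `return(-1);` or a distinct one if callers must tell the two failures apart, and state the return values in the function comment. The context line `do *uptr++ = toupper(*key);` also passes a plain `char` to toupper(), which is undefined for negative values where `char` is signed; `toupper((unsigned char)*key)` is the safe form.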
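Review bot: In reveng (client/reveng/reveng.c) the added `return NULL;` turns the realloc failure into a leak: `result = realloc(result, ...)` has already overwritten the only pointer to the old array with NULL, so neither this function nor its caller can free it. Keep the old pointer until the call succeeds, with `model_t *tmp = realloc(result, ++resc * sizeof(model_t));`, then `if(!tmp) { uerror("cannot reallocate result array"); free(result); return NULL; }` and `result = tmp;`. Declare `tmp` with the other locals, since a declaration cannot directly follow the `requit:` label in C11. Whether the entries already stored in `result` own further allocations that must be released first is not visible in the hunk, and the function body continues on both sides of it.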