From e1ad67eaf252b9cf0e0aef9f02c13ce74d6ae546 Mon Sep 17 00:00:00 2001
From: iceman1001 <iceman@iuse.se>
Date: Sat, 16 Jan 2016 22:58:44 +0100
Subject: [PATCH 1/1] FIX: Coverity Scan fixes, a bunch of them.
---
client/cmdhflegic.c | 2 +-
client/cmdhftopaz.c | 5 +++--
client/cmdlfhid.c | 24 ++++++++----------------
client/cmdlft55xx.c | 4 ----
client/cmdlfti.c | 9 +++++----
client/reveng/model.c | 9 +++++++--
client/reveng/reveng.c | 4 +++-
7 files changed, 27 insertions(+), 30 deletions(-)
diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c
index 4e52c35c..8da1d8ea 100644
--- a/client/cmdhflegic.c
+++ b/client/cmdhflegic.c
@@ -58,7 +58,7 @@ int CmdLegicDecode(const char *Cmd)
int crc = 0;
int wrp = 0;
int wrc = 0;
- uint8_t data_buf[1052]; // receiver buffer
+ uint8_t data_buf[1053]; // receiver buffer
char out_string[3076]; // just use big buffer - bad practice
char token_type[4];
diff --git a/client/cmdhftopaz.c b/client/cmdhftopaz.c
index 466af7c0..271f41b0 100644
--- a/client/cmdhftopaz.c
+++ b/client/cmdhftopaz.c
@@ -396,8 +396,9 @@ static command_t CommandTable[] =
int CmdHFTopaz(const char *Cmd) {
// flush
- WaitForResponseTimeout(CMD_ACK,NULL,100);
-
+ //WaitForResponseTimeout(CMD_ACK,NULL,100);
+ clearCommandBuffer();
+
// parse
CmdsParse(CommandTable, Cmd);
return 0;
diff --git a/client/cmdlfhid.c b/client/cmdlfhid.c
index 02c2fdb7..85d72b67 100644
--- a/client/cmdlfhid.c
+++ b/client/cmdlfhid.c
@@ -166,12 +166,11 @@ static void getParity34(uint32_t *hi, uint32_t *lo){
*lo |= !result;
}
-static void getParity35(uint32_t *hi, uint32_t *lo){
- *hi = *hi;
+static void getParity35(uint32_t *hi, uint32_t *lo){
}
static void getParity37S(uint32_t *hi,uint32_t *lo){
uint32_t result = 0;
- uint8_t i;
+ int i;
// even parity
for (i = 4; i >= 0; i--)
@@ -295,7 +294,7 @@ int CmdHIDWiegand(const char *Cmd) {
uint64_t cardnum = 0;
uint8_t ctmp = param_getchar(Cmd, 0);
- if ( strlen(Cmd) < 0 || strlen(Cmd) < 3 || ctmp == 'H' || ctmp == 'h' ) return usage_lf_hid_wiegand();
+ if ( strlen(Cmd) == 0 || strlen(Cmd) < 3 || ctmp == 'H' || ctmp == 'h' ) return usage_lf_hid_wiegand();
oem = param_get8(Cmd, 0);
fc = param_get32ex(Cmd, 1, 0, 10);
@@ -311,7 +310,7 @@ int CmdHIDWiegand(const char *Cmd) {
int CmdHIDBrute(const char *Cmd){
- bool error = FALSE;
+ bool error = TRUE;
uint8_t fc = 0, fmtlen = 0;
uint32_t hi = 0, lo = 0;
@@ -321,20 +320,13 @@ int CmdHIDBrute(const char *Cmd){
if (strlen(Cmd) > 2 || strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_hid_brute();
fmtlen = param_get8(Cmd, 0);
- switch(fmtlen){
- case 26:
- case 33:
- case 34:
- case 35:
- case 37: {
+ uint8_t ftms[] = {26,33,34,35,37};
+ for ( uint8_t i = 0; i < sizeof(ftms); i++){
+ if ( ftms[i] == fmtlen ) {
error = FALSE;
- break;
- }
- default: {
- error = TRUE;
- break;
}
}
+
if ( error ) return usage_lf_hid_brute();
fc = param_get8(Cmd, 1);
diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c
index e10b24d0..b26973e6 100644
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@@ -1454,7 +1454,6 @@ int CmdT55xxBruteForce(const char *Cmd) {
getchar();
printf("\naborted via keyboard!\n");
free(keyBlock);
- free(p);
return 0;
}
@@ -1466,7 +1465,6 @@ int CmdT55xxBruteForce(const char *Cmd) {
if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {
PrintAndLog("Aquireing data from device failed. Quitting");
free(keyBlock);
- free(p);
return 0;
}
@@ -1475,13 +1473,11 @@ int CmdT55xxBruteForce(const char *Cmd) {
if ( found ) {
PrintAndLog("Found valid password: [%08X]", testpwd);
free(keyBlock);
- free(p);
return 0;
}
}
PrintAndLog("Password NOT found.");
free(keyBlock);
- free(p);
return 0;
}
diff --git a/client/cmdlfti.c b/client/cmdlfti.c
index 7b032840..66b2cd8b 100644
--- a/client/cmdlfti.c
+++ b/client/cmdlfti.c
@@ -280,11 +280,12 @@ int CmdTIWrite(const char *Cmd)
res = sscanf(Cmd, "%012"llx" %012"llx" %012"llx"", &c.arg[0], &c.arg[1], &c.arg[2]);
if (res == 2) c.arg[2]=0;
- if (res < 2)
+ if (res < 2) {
PrintAndLog("Please specify the data as two hex strings, optionally the CRC as a third");
- else
- clearCommandBuffer();
- SendCommand(&c);
+ return 1;
+ }
+ clearCommandBuffer();
+ SendCommand(&c);
return 0;
}
diff --git a/client/reveng/model.c b/client/reveng/model.c
index 2d45b2fe..6b346d35 100644
--- a/client/reveng/model.c
+++ b/client/reveng/model.c
@@ -592,8 +592,10 @@ mbynam(model_t *dest, const char *key) {
if(!aliases->name)
return(-1);
- if(!(ukey = malloc((size_t) 1 + strlen(key))))
+ if(!(ukey = malloc((size_t) 1 + strlen(key)))) {
uerror("cannot allocate memory for comparison string");
+ return(0);
+ }
akey.name = uptr = ukey;
do
*uptr++ = toupper(*key);
@@ -713,12 +715,15 @@ mtostr(const model_t *model) {
void
mmatch(model_t *model, int flags) {
+
+ if(!model) return;
+
/* searches models[] for a model matching the argument, and links a name if found
* if flags & M_OVERWR, copies the found model onto the argument. */
model_t *mptr;
- if(!model) return;
mptr = bsearch(model, models, NPRESETS, sizeof(model_t), (int (*)(const void *, const void *)) &mcmp);
+
if(mptr) {
model->name = mptr->name;
if(flags & M_OVERWR)
diff --git a/client/reveng/reveng.c b/client/reveng/reveng.c
index dd50987c..5cda62d1 100644
--- a/client/reveng/reveng.c
+++ b/client/reveng/reveng.c
@@ -141,8 +141,10 @@ reveng(const model_t *guess, const poly_t qpoly, int rflags, int args, const pol
engini(&resc, &result, guess->spoly, guess->flags, args, argpolys);
requit:
- if(!(result = realloc(result, ++resc * sizeof(model_t))))
+ if(!(result = realloc(result, ++resc * sizeof(model_t)))) {
uerror("cannot reallocate result array");
+ return NULL;
+ }
rptr = result + resc - 1;
rptr->spoly = pzero;
rptr->init = pzero;
--
2.39.5