From e537c3e894d12546b97eb61b572a97f6070e686c Mon Sep 17 00:00:00 2001
From: pwpiwi <pwpiwi@users.noreply.github.com>
Date: Sun, 12 Nov 2017 18:08:57 +0100
Subject: [PATCH 1/1] fix memory overflow in hf mf nested (issue #479)

---
 client/cmdhfmf.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 83060b01..eed6b34c 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -527,7 +527,6 @@ int CmdHF14AMfRestore(const char *Cmd)
 //----------------------------------------------
 //   Nested
 //----------------------------------------------
-# define NESTED_KEY_COUNT 15
 
 static void parseParamTDS(const char *Cmd, const uint8_t indx, bool *paramT, bool *paramD, uint8_t *timeout) {
 	char ctmp3[3] = {0};
@@ -563,7 +562,7 @@ int CmdHF14AMfNested(const char *Cmd)
 	uint8_t trgKeyType = 0;
 	uint8_t SectorsCnt = 0;
 	uint8_t key[6] = {0, 0, 0, 0, 0, 0};
-	uint8_t keyBlock[NESTED_KEY_COUNT * 6];
+	uint8_t keyBlock[MifareDefaultKeysSize * 6];
 	uint64_t key64 = 0;
 	// timeout in units. (ms * 106)/10 or us*0.0106
 	uint8_t btimeout14a = MF_CHKKEYS_DEFTIMEOUT; // fast by default
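Review bot: The new declaration `uint8_t keyBlock[MifareDefaultKeysSize * 6];` only prevents the overflow if every write into `keyBlock` is bounded by the same `MifareDefaultKeysSize`, and the code that fills the buffer is outside this hunk (the body of `CmdHF14AMfNested` starts before and ends after it). The definition of `MifareDefaultKeysSize` is not in this diff either; if it is a runtime variable rather than a constant expression, this becomes a variable-length array on the stack, so its size cannot be checked at compile time. I would add a comment on the declaration, `// one 6-byte slot per default key; writers must stay below MifareDefaultKeysSize entries`. The bare `6` should also become a named key-length constant shared with `key[6]` just above.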
@@ -713,7 +712,7 @@ int CmdHF14AMfNested(const char *Cmd)
 		}
 
 		PrintAndLog("Testing known keys. Sector count=%d", SectorsCnt);
-		mfCheckKeysSec(SectorsCnt, 2, btimeout14a, true, NESTED_KEY_COUNT, keyBlock, e_sector);
+		mfCheckKeysSec(SectorsCnt, 2, btimeout14a, true, MifareDefaultKeysSize, keyBlock, e_sector);
 		
 		// get known key from array
 		bool keyFound = false;
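Review bot: The key count handed to `mfCheckKeysSec` now follows `MifareDefaultKeysSize`, but the prototype of `mfCheckKeysSec` is not visible here, so the width of that parameter should be confirmed. If it is an 8-bit type, a default key table that grows past 255 entries would be truncated in the call while `keyBlock` keeps its full size, and buffer and count would disagree again. A short comment at the call would record the invariant: `// keycnt must equal the number of 6-byte keys stored in keyBlock`. The surrounding function continues outside the hunk.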
-- 
2.39.5