[libnfc] push by yob...@gmail.com - Fix out-of-bounds access in nfc-mfultralight unveiled by coverity scan... on 2014-04-14 21:33 GMT


lib...@googlecode.com

Apr 14, 2014, 5:34:55 PM
to libnfc-...@googlegroups.com
Revision: bb9babbedab8
Author: Philippe Teuwen <yob...@gmail.com>
Date: Mon Apr 14 21:26:44 2014 UTC
Log: Fix out-of-bounds access in nfc-mfultralight unveiled by coverity
scan:
*** CID 1090333: Out-of-bounds access (OVERRUN)

http://code.google.com/p/libnfc/source/detail?r=bb9babbedab8

Modified:
/ChangeLog
/utils/nfc-mfultralight.c

=======================================
--- /ChangeLog Tue Mar 11 23:35:43 2014 UTC
+++ /ChangeLog Mon Apr 14 21:26:44 2014 UTC
@@ -4,6 +4,7 @@
- Remove unreachable code
- nfc_emulate_uid: cleaner exit on interrupt
- Fix reporting of modulations and baud rates by nfc-scan-device -v
+ - Fix out-of-bounds access in nfc-mfultralight

Improvements:
- Allow ISO14443A to be used at higher baud rates
=======================================
--- /utils/nfc-mfultralight.c Sat Aug 31 15:35:41 2013 UTC
+++ /utils/nfc-mfultralight.c Mon Apr 14 21:26:44 2014 UTC
@@ -168,7 +168,8 @@
// page (4 bytes). The Ultralight-specific Write command only
// writes one page at a time.
uiBlock = page / 4;
- memcpy(mp.mpd.abtData, mtDump.amb[uiBlock].mbd.abtData + ((page % 4) *
4), 16);
+ memcpy(mp.mpd.abtData, mtDump.amb[uiBlock].mbd.abtData + ((page % 4) *
4), 4);
+ memset(mp.mpd.abtData + 4, 0, 12);
if (!nfc_initiator_mifare_cmd(pnd, MC_WRITE, page, &mp))
bFailure = true;
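Review bot: The literals 4 and 12 in the new memcpy/memset pair silently assume that mp.mpd.abtData is 16 bytes, the length the old memcpy used. Consider a named page-size constant for the 4 and deriving the padding length from the buffer, for example sizeof(mp.mpd.abtData) - 4, so the two calls cannot drift apart if the struct changes. A short comment on the memset line would also help: the comment above only says that the write covers one 4-byte page, not why the remaining bytes of the buffer are zeroed rather than left as they were. The reduced copy length itself looks right for the overrun, since the source offset (page % 4) * 4 can be as large as 12 and a 4-byte copy from there ends at byte 16 of the block's abtData.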
