[libfreefare] push by yob...@gmail.com - mifare_cryto_postprocess_data: add safety checks on 2014-01-27 17:25 GMT


libfr...@googlecode.com

Jan 27, 2014, 12:25:23 PM1/27/14
to nfc-tool...@googlegroups.com
Revision: dbb88cd18479
Author: Philippe Teuwen <yob...@gmail.com>
Date: Mon Jan 27 17:24:55 2014 UTC
Log: mifare_cryto_postprocess_data: add safety checks

http://code.google.com/p/libfreefare/source/detail?r=dbb88cd18479

Modified:
/libfreefare/mifare_desfire_crypto.c

=======================================
--- /libfreefare/mifare_desfire_crypto.c Mon May 14 14:28:07 2012 UTC
+++ /libfreefare/mifare_desfire_crypto.c Mon Jan 27 17:24:55 2014 UTC
@@ -463,6 +463,15 @@
case AS_LEGACY:
if (communication_settings & MAC_VERIFY) {
*nbytes -= key_macing_length (key);
+ if (*nbytes <= 0) {
+ *nbytes = -1;
+ res = NULL;
+#ifdef WITH_DEBUG
+ warnx ("No room for MAC!");
+ abort ();
+#endif
+ break;
+ }

edl = enciphered_data_length (tag, *nbytes - 1, communication_settings);
edata = malloc (edl);
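Review bot: The `abort ();` kept under `WITH_DEBUG` in the new `*nbytes <= 0` branch still terminates the process when the buffer is too short to hold a MAC. That length presumably comes from the tag's response rather than from a caller bug, so a truncated or malformed reply can still stop a debug build. I would drop `abort ();` and leave only `warnx ("No room for MAC!");` inside the `#ifdef`, so that both build types take the same `*nbytes = -1; res = NULL; break;` path. The CMAC branch in the next hunk (`if (*nbytes < 9)`) has the same pattern. A short comment such as `/* Response too short for a MAC: fail with *nbytes = -1 and a NULL result */` would also document the failure contract; the enclosing function starts and ends outside the hunk, so whether callers check for NULL cannot be confirmed here.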
@@ -489,9 +498,13 @@
break;
if (communication_settings & CMAC_VERIFY) {
if (*nbytes < 9) {
- // XXX: Can't we avoid abort() -ing?
+ *nbytes = -1;
+ res = NULL;
+#ifdef WITH_DEBUG
warnx ("No room for CMAC!");
abort ();
+#endif
+ break;
}
first_cmac_byte = ((uint8_t *)data)[*nbytes - 9];
((uint8_t *)data)[*nbytes - 9] = ((uint8_t *)data)[*nbytes-1];
@@ -560,6 +573,10 @@
switch (MIFARE_DESFIRE (tag)->authentication_scheme) {
case AS_LEGACY:
crc_pos = *nbytes - 8 - 1; // The CRC can be over two blocks
+ if (crc_pos < 0) {
+ /* Single block */
+ crc_pos = 0;
+ }
break;
case AS_NEW:
/* Move status between payload and CRC */
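Review bot: Clamping `crc_pos` to 0 in the `AS_LEGACY` case treats every negative value alike, so an empty or undersized buffer is handled as if it were the legitimate single-block case instead of being rejected. Judging from `*nbytes - 8 - 1`, only a value of -1 looks like a genuine single block; anything lower suggests a response shorter than one block. Consider checking the length before the clamp and failing the way the other two hunks do, for example `if (*nbytes < 1) { *nbytes = -1; res = NULL; }`. The exact minimum and the way to leave the surrounding logic depend on code outside this hunk. The `/* Single block */` comment could also state which `*nbytes` values it is meant to cover.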