mount/flipperzero-firmware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NFC: fix memory corruption in nfc_worker_read_mifare_desfire (#1156)

Browse Source 
* NFC: fix memory corruption in nfc_worker_read_mifare_desfire
* NFC: if the NFC tag doesn't have apps or files, don't try to save them.
* NFC: make-format

Co-authored-by: Jack Doan <jackdoan@rivian.com>
Co-authored-by: Skorpionm <85568270+Skorpionm@users.noreply.github.com>
Co-authored-by: Nikolay Minaylov <nm29719@gmail.com>
Co-authored-by: あく <alleteam@gmail.com>
This commit is contained in:
Jack Doan 2022-04-25 09:59:48 -05:00 committed by GitHub
parent ce211f9a2b
commit 81aeda86db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
applications/nfc/nfc_device.c
View File

@ -262,6 +262,7 @@ static bool nfc_device_save_mifare_df_app(FlipperFormat* file, MifareDesfireAppl
file, app->key_settings, string_get_cstr(prefix))) file, app->key_settings, string_get_cstr(prefix)))
break; break;
} }
if(!app->file_head) break;
uint32_t n_files = 0; uint32_t n_files = 0;
for(MifareDesfireFile* f = app->file_head; f; f = f->next) { for(MifareDesfireFile* f = app->file_head; f; f = f->next) {
n_files++; n_files++;
@ -477,6 +478,7 @@ static bool nfc_device_save_mifare_df_data(FlipperFormat* file, NfcDevice* dev)
n_apps++; n_apps++;
} }
if(!flipper_format_write_uint32(file, "Application Count", &n_apps, 1)) break; if(!flipper_format_write_uint32(file, "Application Count", &n_apps, 1)) break;
if(n_apps == 0) break;
tmp = malloc(n_apps * 3); tmp = malloc(n_apps * 3);
int i = 0; int i = 0;
for(MifareDesfireApplication* app = data->app_head; app; app = app->next) { for(MifareDesfireApplication* app = data->app_head; app; app = app->next) {

2
applications/nfc/nfc_worker.c
View File

@ -540,6 +540,7 @@ void nfc_worker_read_mifare_desfire(NfcWorker* nfc_worker) {
FURI_LOG_W(TAG, "Bad DESFire GET_KEY_SETTINGS response"); FURI_LOG_W(TAG, "Bad DESFire GET_KEY_SETTINGS response");
free(data->master_key_settings); free(data->master_key_settings);
data->master_key_settings = NULL; data->master_key_settings = NULL;
continue;
} }
MifareDesfireKeyVersion** key_version_head = MifareDesfireKeyVersion** key_version_head =
@ -593,6 +594,7 @@ void nfc_worker_read_mifare_desfire(NfcWorker* nfc_worker) {
FURI_LOG_W(TAG, "Bad DESFire GET_KEY_SETTINGS response"); FURI_LOG_W(TAG, "Bad DESFire GET_KEY_SETTINGS response");
free(app->key_settings); free(app->key_settings);
app->key_settings = NULL; app->key_settings = NULL;
continue;
} }
MifareDesfireKeyVersion** key_version_head = &app->key_settings->key_version_head; MifareDesfireKeyVersion** key_version_head = &app->key_settings->key_version_head;