crewID/libfreefare
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

mifare_cryto_postprocess_data: add safety checks

Browse source
This commit is contained in:
Philippe Teuwen 2014-01-27 18:24:55 +01:00
parent e797ee2a2e
commit dbb88cd184
1 changed files with 18 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
libfreefare/mifare_desfire_crypto.c
View file

@ -463,6 +463,15 @@ mifare_cryto_postprocess_data (MifareTag tag, void *data, ssize_t *nbytes, int c
case AS_LEGACY:
if (communication_settings & MAC_VERIFY) {
*nbytes -= key_macing_length (key);
if (*nbytes <= 0) {
*nbytes = -1;
res = NULL;
#ifdef WITH_DEBUG
warnx ("No room for MAC!");
abort ();
#endif
break;
}
edl = enciphered_data_length (tag, *nbytes - 1, communication_settings);
edata = malloc (edl);
@ -489,9 +498,13 @@ mifare_cryto_postprocess_data (MifareTag tag, void *data, ssize_t *nbytes, int c
break;
if (communication_settings & CMAC_VERIFY) {
if (*nbytes < 9) {
// XXX: Can't we avoid abort() -ing?
*nbytes = -1;
res = NULL;
#ifdef WITH_DEBUG
warnx ("No room for CMAC!");
abort ();
#endif
break;
}
first_cmac_byte = ((uint8_t *)data)[*nbytes - 9];
((uint8_t *)data)[*nbytes - 9] = ((uint8_t *)data)[*nbytes-1];
@ -560,6 +573,10 @@ mifare_cryto_postprocess_data (MifareTag tag, void *data, ssize_t *nbytes, int c
switch (MIFARE_DESFIRE (tag)->authentication_scheme) {
case AS_LEGACY:
crc_pos = *nbytes - 8 - 1; // The CRC can be over two blocks
if (crc_pos < 0) {
/* Single block */
crc_pos = 0;
}
break;
case AS_NEW:
/* Move status between payload and CRC */