Fix buffer overflow in mifare classic lib #1374
parent
e147b2ceea
commit
ece142a667
@ -386,11 +386,25 @@ bool mf_classic_read_block(
|
||||
tx_rx->tx_rx_type = FuriHalNfcTxRxTypeRaw;
|
||||
|
||||
if(furi_hal_nfc_tx_rx(tx_rx, 50)) {
|
||||
if(tx_rx->rx_bits == 8 * 18) {
|
||||
for(uint8_t i = 0; i < 18; i++) {
|
||||
block->value[i] = crypto1_byte(crypto, 0, 0) ^ tx_rx->rx_data[i];
|
||||
if(tx_rx->rx_bits == 8 * (MF_CLASSIC_BLOCK_SIZE + 2)) {
|
||||
uint8_t block_received[MF_CLASSIC_BLOCK_SIZE + 2];
|
||||
for(uint8_t i = 0; i < MF_CLASSIC_BLOCK_SIZE + 2; i++) {
|
||||
block_received[i] = crypto1_byte(crypto, 0, 0) ^ tx_rx->rx_data[i];
|
||||
}
|
||||
uint16_t crc_calc = nfca_get_crc16(block_received, MF_CLASSIC_BLOCK_SIZE);
|
||||
uint16_t crc_received = (block_received[MF_CLASSIC_BLOCK_SIZE + 1] << 8) |
|
||||
block_received[MF_CLASSIC_BLOCK_SIZE];
|
||||
if(crc_received != crc_calc) {
|
||||
FURI_LOG_E(
|
||||
TAG,
|
||||
"Incorrect CRC while reading block %d. Expected %04X, Received %04X",
|
||||
block_num,
|
||||
crc_received,
|
||||
crc_calc);
|
||||
} else {
|
||||
memcpy(block->value, block_received, MF_CLASSIC_BLOCK_SIZE);
|
||||
read_block_success = true;
|
||||
}
|
||||
read_block_success = true;
|
||||
}
|
||||
}
|
||||
return read_block_success;
|
||||
|
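Review bot: The new `FURI_LOG_E` call passes `crc_received, crc_calc` to a format string that reads "Expected %04X, Received %04X", so the log labels the CRC taken from the card as expected and the locally computed one as received; the last two arguments should be `crc_calc,` then `crc_received);`. The page prints `read_block_success = true;` twice and the rendering does not show which copy was removed, so it is worth confirming that only the one inside the `else` branch survives, because an assignment after the CRC check would report success for a block whose CRC did not match. The `+ 2` CRC length is repeated three times and could be a named constant. The body of mf_classic_read_block starts before this hunk.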