amheydari / proxmark3

Automatically exported from code.google.com/p/proxmark3
GNU General Public License v2.0

Three instances of buffer corruption #43

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

Use latest firmware, do hf mf mifare, par_list will start with "00 00"

See http://www.proxmark.org/forum/viewtopic.php?pid=7141#p7141

A function (iso14443a_select_card) took a pointer to a local variable. The variable was 8 bytes, but 10 bytes of memory were cleared - and there was much confusion, since another local variable (par_list) was affected, even though it wasn't even used in the call.

Proposed patch:

$ svn diff armsrc/iso14443a.c
Index: armsrc/iso14443a.c
===================================================================
--- armsrc/iso14443a.c  (revision 709)
+++ armsrc/iso14443a.c  (working copy)
@@ -1625,7 +1625,7 @@

   // clear uid
   if (uid_ptr) {
-    memset(uid_ptr,0,10);
+    memset(uid_ptr,0,8);
   }

   // OK we will select at least at cascade 1, lets see if first byte of UID was 0x88 in
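Review bot: the replacement memset(uid_ptr,0,8) fixes the two-byte overrun but still hard-codes the buffer size on the callee side, so the only thing keeping it in sync with the caller's 8-byte local is convention; consider having the caller pass its buffer length (or sharing one UID-length constant between the declaration and this memset) and stating in a comment next to the `if (uid_ptr)` check that uid_ptr must point to at least 8 bytes, since that check only guards the null case, not the length.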

Original issue reported on code.google.com by martin.holst on 7 May 2013 at 6:57
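The bug described above, as an added example that is not from the proxmark3 code base: a flat byte array models the two adjacent locals (uid first, then par_list; a constructed layout, real stack frames are compiler-dependent), the r709 behaviour clears 10 bytes through the 8-byte uid pointer, and a hypothetical length-checked variant clears only as many bytes as the caller says it owns.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UID_LEN   8                    /* size of the caller's uid local   */
#define PAR_LEN   8                    /* size of the adjacent par_list    */
#define FRAME_LEN (UID_LEN + PAR_LEN)  /* constructed model of the frame   */
#define PAR_FILL  0xA5                 /* constructed non-zero parity byte */

/* Modelled on the r709 behaviour: clears 10 bytes through a pointer
   that only refers to an 8-byte buffer. */
static void select_card_r709(uint8_t *uid_ptr)
{
    if (uid_ptr) {
        memset(uid_ptr, 0, 10);        /* two bytes past the uid buffer */
    }
}

/* Hypothetical hardened variant (an assumption, not project code):
   the caller states its buffer size and the callee never writes more.
   Returns 0 on success, -1 if the buffer is too small for a UID. */
static int select_card_sized(uint8_t *uid_ptr, size_t uid_len)
{
    if (uid_ptr == NULL) return 0;     /* nothing to clear */
    if (uid_len < UID_LEN) return -1;  /* refuse an undersized buffer */
    memset(uid_ptr, 0, UID_LEN);
    return 0;
}

/* Lays out uid and par_list back to back in one array (so every write
   stays inside one object), runs the chosen variant, and returns how
   many par_list bytes were overwritten. The r709 path yields 2, which
   is exactly the "par_list starts with 00 00" symptom from the report. */
int clobbered_par_bytes(int use_fixed)
{
    uint8_t frame[FRAME_LEN];
    uint8_t *uid      = frame;             /* model of the 8-byte local */
    uint8_t *par_list = frame + UID_LEN;   /* model of the neighbour    */
    memset(par_list, PAR_FILL, PAR_LEN);
    if (use_fixed) select_card_sized(uid, UID_LEN);
    else           select_card_r709(uid);
    int n = 0;
    for (size_t i = 0; i < PAR_LEN; i++) if (par_list[i] != PAR_FILL) n++;
    return n;
}

int main(void)
{
    printf("r709 clobbers %d par_list bytes, sized variant %d\n",
           clobbered_par_bytes(0), clobbered_par_bytes(1));
    return 0;
}
```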

GoogleCodeExporter commented 9 years ago
Title should have been "One instance of buffer corruption"; I put the other two in a separate bug.

Original comment by martin.holst on 7 May 2013 at 7:00

GoogleCodeExporter commented 9 years ago
Fixed in r710

Original comment by martin.holst on 11 May 2013 at 12:45