flipperdevices / flipperzero-firmware

Flipper Zero firmware source code
https://flipperzero.one
GNU General Public License v3.0

Mifare Classic Read Block buffer overflow #1373

Closed wondercrunch closed 2 years ago

wondercrunch commented 2 years ago

Describe the bug

I'm not sure if it's intended or not, there is a buffer overflow in lib/nfc_protocols/mifare_classic.c in mf_classic_read_block:

    for(uint8_t i = 0; i < 18; i++) {
        block->value[i] = crypto1_byte(crypto, 0, 0) ^ tx_rx->rx_data[i];
    }

where block->value is an array of 16 bytes. Those remaining 2 bytes are actually CRC-16.

Expected behavior

Move 16, not 18 bytes to block->value and then check CRC-16.
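The bounded copy plus CRC-16 check that the report asks for, written out as an added example (not the firmware's own code). It assumes the 18 received bytes have already been Crypto1-decrypted, uses the ISO/IEC 14443-3 CRC_A (polynomial 0x8408 reflected, initial value 0x6363, appended low byte first), and the function and type names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MF_CLASSIC_BLOCK_SIZE 16
#define ISO14443_CRC_SIZE 2

typedef struct {
    uint8_t value[MF_CLASSIC_BLOCK_SIZE]; /* 16 bytes, as in the report */
} MfClassicBlock;

/* CRC_A as specified in ISO/IEC 14443-3 Annex B (table-less form). */
uint16_t iso14443a_crc(const uint8_t* data, size_t len) {
    uint16_t crc = 0x6363;
    for(size_t i = 0; i < len; i++) {
        uint8_t b = data[i] ^ (uint8_t)(crc & 0xFF);
        b ^= (uint8_t)(b << 4);
        crc = (uint16_t)((crc >> 8) ^ ((uint16_t)b << 8) ^ ((uint16_t)b << 3) ^ ((uint16_t)b >> 4));
    }
    return crc;
}

/* Hypothetical hardened step: copy exactly 16 data bytes into block->value and
 * treat rx_data[16..17] as CRC_A over those 16 bytes. The original loop wrote
 * all 18 bytes into the 16-byte array. Returns false on a short frame or CRC mismatch. */
bool mf_classic_block_from_rx(const uint8_t* rx_data, size_t rx_len, MfClassicBlock* block) {
    if(rx_len != MF_CLASSIC_BLOCK_SIZE + ISO14443_CRC_SIZE) return false;
    uint16_t received = (uint16_t)rx_data[16] | ((uint16_t)rx_data[17] << 8);
    if(iso14443a_crc(rx_data, MF_CLASSIC_BLOCK_SIZE) != received) return false;
    memcpy(block->value, rx_data, MF_CLASSIC_BLOCK_SIZE);
    return true;
}

/* Constructed helper: frame a 16-byte block with a valid CRC_A (low byte first). */
void build_block_frame(const uint8_t* block16, uint8_t* frame18) {
    memcpy(frame18, block16, MF_CLASSIC_BLOCK_SIZE);
    uint16_t crc = iso14443a_crc(block16, MF_CLASSIC_BLOCK_SIZE);
    frame18[16] = (uint8_t)(crc & 0xFF);
    frame18[17] = (uint8_t)(crc >> 8);
}

int main(void) {
    uint8_t block[MF_CLASSIC_BLOCK_SIZE], frame[18]; /* constructed sample data */
    for(int i = 0; i < MF_CLASSIC_BLOCK_SIZE; i++) block[i] = (uint8_t)i;
    build_block_frame(block, frame);
    MfClassicBlock out;
    printf("intact frame accepted: %d\n", mf_classic_block_from_rx(frame, 18, &out));
    frame[3] ^= 0x01; /* corrupt one data byte: CRC check must now fail */
    printf("corrupted frame accepted: %d\n", mf_classic_block_from_rx(frame, 18, &out));
    return 0;
}
```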

skotopes commented 2 years ago

fixed in dev, closing issue.