bug in libfreefare -

[GoogleCodeExporter]

mifare_cryto_postprocess_data:
        if (memcmp (crc, crc_ref, 4)) {
#if WITH_DEBUG
        warnx ("AES CRC32 not verified in AES stream");
        hexdump (crc_ref, 4, "Expect ", 0);
        hexdump (crc, 4, "Actual ", 0);
#endif
        MIFARE_DESFIRE (tag)->last_pcd_error = CRYPTO_ERROR;
        *nbytes = -1;
        res = NULL;
        }
        *nbytes = p - (uint8_t *)res;
--------
mifare_desfire_get_value_ex:
    p = mifare_cryto_postprocess_data (tag, res, &sn, cs | CMAC_COMMAND | CMAC_VERIFY | MAC_VERIFY);

    *value = le32toh (*(int32_t *)(p));
-------
in case of error : AES CRC32 not verified in AES stream
there will be GPF

probably there should be something like:
    if (!p)
    return errno = EINVAL, -1;

Original issue reported on code.google.com by ervin.ka...@gmail.com on 5 Apr 2011 at 9:16

[GoogleCodeExporter]

Original comment by romu...@libnfc.org on 21 Apr 2011 at 9:14

• Added labels: Component-libfreefare

[GoogleCodeExporter]

I'll take it!

Original comment by romain.t...@gmail.com on 23 Apr 2011 at 3:33

• Changed state: Started

[GoogleCodeExporter]

This issue was closed by revision r788.

Original comment by rtarti...@il4p.fr on 23 Apr 2011 at 4:01

• Changed state: Fixed