added extra length checks

iceman1001
2026-03-24 11:13:19 +07:00
parent c23140585d
commit 7c11ff5330
+16 -2
@@ -367,9 +367,16 @@ void SimulateSeos(seos_emulate_req_t *msg) {
// Check all requested OIDs and see if we support any
uint8_t tlv_offset = 0;
while (tlv_offset < received_tlv_len) {
while (tlv_offset + 2 <= received_tlv_len) {
uint8_t tag = received_tlv[tlv_offset++];
uint8_t length = received_tlv[tlv_offset++];
if (length > received_tlv_len - tlv_offset) {
break;
}
uint8_t *value = &received_tlv[tlv_offset];
if (tag == 0x06) {
if (length == msg->oid_len && memcmp(value, msg->oid, length) == 0) {
@@ -615,9 +622,15 @@ void SimulateSeos(seos_emulate_req_t *msg) {
// Check all requested OIDs and see if we support any
uint8_t tlv_offset = 0;
while (tlv_offset < received_tlv_len) {
while (tlv_offset + 2 <= received_tlv_len) {
uint8_t tag = received_tlv[tlv_offset];
uint8_t length = received_tlv[tlv_offset + 1];
if (length > received_tlv_len - tlv_offset - 2) {
break;
}
uint8_t *value = &received_tlv[tlv_offset + 2];
if (tag == 0x85) {
@@ -628,6 +641,7 @@ void SimulateSeos(seos_emulate_req_t *msg) {
recvd_cmac_length = length;
recvd_cmac_offset = tlv_offset;
}
tlv_offset += 2 + length;
}
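Review bot: Both loops still index with `uint8_t tlv_offset` (declared just above each `while`), so the new bounds checks are only sound if `received_tlv_len` can never exceed 255; its type and the size of `received_tlv` are not visible in these hunks. If it can be larger, `tlv_offset += 2 + length` in the second loop (and the first loop's equivalent advance, which lies outside the hunk) can wrap and walk over earlier bytes again; declaring `size_t tlv_offset = 0;` or checking the limit where the length is set would close that. Separately, a truncated TLV now leaves the loop through a bare `break`, so the code after the loop appears to run on a partially parsed command. Consider rejecting the command in that case, or make the choice explicit with a comment such as `// malformed TLV: stop parsing, remaining tags are ignored`. SimulateSeos begins and ends outside these hunks, so how the parsed values are used afterwards should be confirmed there.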