tyler.durden/pixiewps
1
0
Fork 0
mirror of https://github.com/wiire-a/pixiewps.git synced 2025-07-28 08:14:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed potential integer overflow

Browse Source 
The variable 'i' was of type uint_fast8_t which most compiler typedef as
unsigned char or uint8_t which both (in C99) can hold a number between 0
and 255. This could cause an integer overflow when seed was found in
mode 3 but the the program was unsuccessful to recover the PIN within
the first 255 tries of the first time window set in the future.

This bug was introduced when the constant MODE3_TRIES was increased to
10 minutes (60 * 10 = 600 which is > 255) in commit (d3e4aab).
This commit is contained in:
wiire-a 2017-11-13 11:15:34 +01:00
parent 0b56be18c7
commit 81301b7e71
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/pixiewps.c
View File

@ -901,7 +901,7 @@ usage_err:
if (nonce_seed) { /* Seed found */ if (nonce_seed) { /* Seed found */
int32_t res; int32_t res;
uint_fast8_t i = 0; int i = 0; /* Must hold MODE3_TRIES */
uint8_t tmp_s_nonce[16]; uint8_t tmp_s_nonce[16];
DEBUG_PRINT("Trying forward in time"); DEBUG_PRINT("Trying forward in time");