From 3360f818a1d10771c2e70616ddedccca37d33a86 Mon Sep 17 00:00:00 2001
From: Max Lapan <max.lapan@gmail.com>
Date: Tue, 20 Sep 2022 07:29:10 +0200
Subject: [PATCH] Subghz: Adding checks for get_upload functions (#1704)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Adding checks for get_upload functions
  Almost in every protocol, function which generates upload might fail and return false.
  But we don't check this result, which might end up sending random memory contents to the air.
* Format sources and fix crash on ivalid bit count in chamberlain

Co-authored-by: あく <alleteam@gmail.com>
---
 lib/subghz/protocols/bett.c             | 2 +-
 lib/subghz/protocols/came.c             | 2 +-
 lib/subghz/protocols/chamberlain_code.c | 4 ++--
 lib/subghz/protocols/clemsa.c           | 2 +-
 lib/subghz/protocols/doitrand.c         | 2 +-
 lib/subghz/protocols/gate_tx.c          | 2 +-
 lib/subghz/protocols/holtek.c           | 2 +-
 lib/subghz/protocols/honeywell_wdb.c    | 2 +-
 lib/subghz/protocols/hormann.c          | 2 +-
 lib/subghz/protocols/intertechno_v3.c   | 2 +-
 lib/subghz/protocols/keeloq.c           | 2 +-
 lib/subghz/protocols/linear.c           | 2 +-
 lib/subghz/protocols/magellen.c         | 2 +-
 lib/subghz/protocols/megacode.c         | 2 +-
 lib/subghz/protocols/nero_radio.c       | 2 +-
 lib/subghz/protocols/nero_sketch.c      | 2 +-
 lib/subghz/protocols/nice_flo.c         | 2 +-
 lib/subghz/protocols/phoenix_v2.c       | 2 +-
 lib/subghz/protocols/princeton.c        | 2 +-
 19 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/lib/subghz/protocols/bett.c b/lib/subghz/protocols/bett.c
index 08080dc6..c8070257 100644
--- a/lib/subghz/protocols/bett.c
+++ b/lib/subghz/protocols/bett.c
@@ -173,7 +173,7 @@ bool subghz_protocol_encoder_bett_deserialize(void* context, FlipperFormat* flip
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_bett_get_upload(instance);
+        if(!subghz_protocol_encoder_bett_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/came.c b/lib/subghz/protocols/came.c
index 14c66b7f..53d3d078 100644
--- a/lib/subghz/protocols/came.c
+++ b/lib/subghz/protocols/came.c
@@ -162,7 +162,7 @@ bool subghz_protocol_encoder_came_deserialize(void* context, FlipperFormat* flip
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_came_get_upload(instance);
+        if(!subghz_protocol_encoder_came_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/chamberlain_code.c b/lib/subghz/protocols/chamberlain_code.c
index 51f2bcd3..66d230d1 100644
--- a/lib/subghz/protocols/chamberlain_code.c
+++ b/lib/subghz/protocols/chamberlain_code.c
@@ -155,7 +155,7 @@ static bool
         break;
 
     default:
-        furi_crash(TAG " unknown protocol.");
+        FURI_LOG_E(TAG, "Invalid bits count");
         return false;
         break;
     }
@@ -224,7 +224,7 @@ bool subghz_protocol_encoder_chamb_code_deserialize(void* context, FlipperFormat
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_chamb_code_get_upload(instance);
+        if(!subghz_protocol_encoder_chamb_code_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/clemsa.c b/lib/subghz/protocols/clemsa.c
index 357a0b06..33734693 100644
--- a/lib/subghz/protocols/clemsa.c
+++ b/lib/subghz/protocols/clemsa.c
@@ -173,7 +173,7 @@ bool subghz_protocol_encoder_clemsa_deserialize(void* context, FlipperFormat* fl
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_clemsa_get_upload(instance);
+        if(!subghz_protocol_encoder_clemsa_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/doitrand.c b/lib/subghz/protocols/doitrand.c
index 9a0a5819..9122c193 100644
--- a/lib/subghz/protocols/doitrand.c
+++ b/lib/subghz/protocols/doitrand.c
@@ -154,7 +154,7 @@ bool subghz_protocol_encoder_doitrand_deserialize(void* context, FlipperFormat*
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_doitrand_get_upload(instance);
+        if(!subghz_protocol_encoder_doitrand_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/gate_tx.c b/lib/subghz/protocols/gate_tx.c
index d7efb386..56c224ae 100644
--- a/lib/subghz/protocols/gate_tx.c
+++ b/lib/subghz/protocols/gate_tx.c
@@ -147,7 +147,7 @@ bool subghz_protocol_encoder_gate_tx_deserialize(void* context, FlipperFormat* f
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_gate_tx_get_upload(instance);
+        if(!subghz_protocol_encoder_gate_tx_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/holtek.c b/lib/subghz/protocols/holtek.c
index 137ba85d..5cd16063 100644
--- a/lib/subghz/protocols/holtek.c
+++ b/lib/subghz/protocols/holtek.c
@@ -160,7 +160,7 @@ bool subghz_protocol_encoder_holtek_deserialize(void* context, FlipperFormat* fl
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_holtek_get_upload(instance);
+        if(!subghz_protocol_encoder_holtek_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/honeywell_wdb.c b/lib/subghz/protocols/honeywell_wdb.c
index e1e21426..451a13f5 100644
--- a/lib/subghz/protocols/honeywell_wdb.c
+++ b/lib/subghz/protocols/honeywell_wdb.c
@@ -162,7 +162,7 @@ bool subghz_protocol_encoder_honeywell_wdb_deserialize(
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_honeywell_wdb_get_upload(instance);
+        if(!subghz_protocol_encoder_honeywell_wdb_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/hormann.c b/lib/subghz/protocols/hormann.c
index 0197f59e..d78bc927 100644
--- a/lib/subghz/protocols/hormann.c
+++ b/lib/subghz/protocols/hormann.c
@@ -163,7 +163,7 @@ bool subghz_protocol_encoder_hormann_deserialize(void* context, FlipperFormat* f
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_hormann_get_upload(instance);
+        if(!subghz_protocol_encoder_hormann_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/intertechno_v3.c b/lib/subghz/protocols/intertechno_v3.c
index e70bb8c8..ffe52e87 100644
--- a/lib/subghz/protocols/intertechno_v3.c
+++ b/lib/subghz/protocols/intertechno_v3.c
@@ -179,7 +179,7 @@ bool subghz_protocol_encoder_intertechno_v3_deserialize(
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_intertechno_v3_get_upload(instance);
+        if(!subghz_protocol_encoder_intertechno_v3_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/keeloq.c b/lib/subghz/protocols/keeloq.c
index 0321a876..99b3c5fb 100644
--- a/lib/subghz/protocols/keeloq.c
+++ b/lib/subghz/protocols/keeloq.c
@@ -280,7 +280,7 @@ bool subghz_protocol_encoder_keeloq_deserialize(void* context, FlipperFormat* fl
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_keeloq_get_upload(instance, instance->generic.btn);
+        if(!subghz_protocol_encoder_keeloq_get_upload(instance, instance->generic.btn)) break;
 
         if(!flipper_format_rewind(flipper_format)) {
             FURI_LOG_E(TAG, "Rewind error");
diff --git a/lib/subghz/protocols/linear.c b/lib/subghz/protocols/linear.c
index 92ba02a8..8f7aed79 100644
--- a/lib/subghz/protocols/linear.c
+++ b/lib/subghz/protocols/linear.c
@@ -165,7 +165,7 @@ bool subghz_protocol_encoder_linear_deserialize(void* context, FlipperFormat* fl
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_linear_get_upload(instance);
+        if(!subghz_protocol_encoder_linear_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/magellen.c b/lib/subghz/protocols/magellen.c
index bb0600a7..52ef5a72 100644
--- a/lib/subghz/protocols/magellen.c
+++ b/lib/subghz/protocols/magellen.c
@@ -168,7 +168,7 @@ bool subghz_protocol_encoder_magellen_deserialize(void* context, FlipperFormat*
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_magellen_get_upload(instance);
+        if(!subghz_protocol_encoder_magellen_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/megacode.c b/lib/subghz/protocols/megacode.c
index 909e7217..1501580d 100644
--- a/lib/subghz/protocols/megacode.c
+++ b/lib/subghz/protocols/megacode.c
@@ -193,7 +193,7 @@ bool subghz_protocol_encoder_megacode_deserialize(void* context, FlipperFormat*
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_megacode_get_upload(instance);
+        if(!subghz_protocol_encoder_megacode_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/nero_radio.c b/lib/subghz/protocols/nero_radio.c
index 69326f5a..b5a7e8c0 100644
--- a/lib/subghz/protocols/nero_radio.c
+++ b/lib/subghz/protocols/nero_radio.c
@@ -172,7 +172,7 @@ bool subghz_protocol_encoder_nero_radio_deserialize(void* context, FlipperFormat
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_nero_radio_get_upload(instance);
+        if(!subghz_protocol_encoder_nero_radio_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/nero_sketch.c b/lib/subghz/protocols/nero_sketch.c
index c93b36a5..66ee569c 100644
--- a/lib/subghz/protocols/nero_sketch.c
+++ b/lib/subghz/protocols/nero_sketch.c
@@ -166,7 +166,7 @@ bool subghz_protocol_encoder_nero_sketch_deserialize(void* context, FlipperForma
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_nero_sketch_get_upload(instance);
+        if(!subghz_protocol_encoder_nero_sketch_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/nice_flo.c b/lib/subghz/protocols/nice_flo.c
index 07b18e3e..f07e9efc 100644
--- a/lib/subghz/protocols/nice_flo.c
+++ b/lib/subghz/protocols/nice_flo.c
@@ -149,7 +149,7 @@ bool subghz_protocol_encoder_nice_flo_deserialize(void* context, FlipperFormat*
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_nice_flo_get_upload(instance);
+        if(!subghz_protocol_encoder_nice_flo_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/phoenix_v2.c b/lib/subghz/protocols/phoenix_v2.c
index 3d2796e4..d680b2e6 100644
--- a/lib/subghz/protocols/phoenix_v2.c
+++ b/lib/subghz/protocols/phoenix_v2.c
@@ -150,7 +150,7 @@ bool subghz_protocol_encoder_phoenix_v2_deserialize(void* context, FlipperFormat
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_phoenix_v2_get_upload(instance);
+        if(!subghz_protocol_encoder_phoenix_v2_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;
diff --git a/lib/subghz/protocols/princeton.c b/lib/subghz/protocols/princeton.c
index 2ddfa2cb..a5b8134d 100644
--- a/lib/subghz/protocols/princeton.c
+++ b/lib/subghz/protocols/princeton.c
@@ -167,7 +167,7 @@ bool subghz_protocol_encoder_princeton_deserialize(void* context, FlipperFormat*
         flipper_format_read_uint32(
             flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
 
-        subghz_protocol_encoder_princeton_get_upload(instance);
+        if(!subghz_protocol_encoder_princeton_get_upload(instance)) break;
         instance->encoder.is_running = true;
 
         res = true;