From 81aeda86db79974e2db29ff42db5c961992ac38d Mon Sep 17 00:00:00 2001 From: Jack Doan Date: Mon, 25 Apr 2022 09:59:48 -0500 Subject: [PATCH] NFC: fix memory corruption in nfc_worker_read_mifare_desfire (#1156) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * NFC: fix memory corruption in nfc_worker_read_mifare_desfire * NFC: if the NFC tag doesn't have apps or files, don't try to save them. * NFC: make-format Co-authored-by: Jack Doan Co-authored-by: Skorpionm <85568270+Skorpionm@users.noreply.github.com> Co-authored-by: Nikolay Minaylov Co-authored-by: あく --- applications/nfc/nfc_device.c | 2 ++ applications/nfc/nfc_worker.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/applications/nfc/nfc_device.c b/applications/nfc/nfc_device.c index c3e6bdd4..6b769803 100644 --- a/applications/nfc/nfc_device.c +++ b/applications/nfc/nfc_device.c @@ -262,6 +262,7 @@ static bool nfc_device_save_mifare_df_app(FlipperFormat* file, MifareDesfireAppl file, app->key_settings, string_get_cstr(prefix))) break; } + if(!app->file_head) break; uint32_t n_files = 0; for(MifareDesfireFile* f = app->file_head; f; f = f->next) { n_files++; @@ -477,6 +478,7 @@ static bool nfc_device_save_mifare_df_data(FlipperFormat* file, NfcDevice* dev) n_apps++; } if(!flipper_format_write_uint32(file, "Application Count", &n_apps, 1)) break; + if(n_apps == 0) break; tmp = malloc(n_apps * 3); int i = 0; for(MifareDesfireApplication* app = data->app_head; app; app = app->next) { diff --git a/applications/nfc/nfc_worker.c b/applications/nfc/nfc_worker.c index 13248394..f44335bb 100644 --- a/applications/nfc/nfc_worker.c +++ b/applications/nfc/nfc_worker.c @@ -540,6 +540,7 @@ void nfc_worker_read_mifare_desfire(NfcWorker* nfc_worker) { FURI_LOG_W(TAG, "Bad DESFire GET_KEY_SETTINGS response"); free(data->master_key_settings); data->master_key_settings = NULL; + continue; } MifareDesfireKeyVersion** key_version_head = 
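Review bot: The new `if(n_apps == 0) break;` in nfc_device_save_mifare_df_data leaves through the same `break` that the line above it uses for a failed `flipper_format_write_uint32`, so a card with no applications is probably reported as a failed save even though its count was already written; `if(!app->file_head) break;` in nfc_device_save_mifare_df_app has the same shape. The guards are right to keep `malloc(n_apps * 3)` and the file-count allocation from running with a zero size, but the empty case should reach the success path, for example by wrapping the allocation and fill loop in `if(n_apps) { ... }` and the file section in `if(app->file_head) { ... }`. Both functions start and end outside the hunks, so confirm how the result flag is set after the loop before relying on this.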
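Review bot: The added `continue;` in nfc_worker_read_mifare_desfire has no comment saying what it protects, and the reason is easy to lose in a later refactor. The branch has just freed the key settings and set the pointer to NULL, and the hunk at line 593 shows the following statement taking `&app->key_settings->key_version_head`; the statement after the first hunk is cut off but appears to do the same with `data->master_key_settings`. I would put `// key settings were freed above; skip the key-version read that dereferences them` before each `continue;`. The enclosing loops are outside both hunks, so it is worth confirming which iteration each `continue` ends and that skipping the rest of it cannot leave a partially read card or application to be saved as if it were complete.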
@@ -593,6 +594,7 @@ void nfc_worker_read_mifare_desfire(NfcWorker* nfc_worker) { FURI_LOG_W(TAG, "Bad DESFire GET_KEY_SETTINGS response"); free(app->key_settings); app->key_settings = NULL; + continue; } MifareDesfireKeyVersion** key_version_head = &app->key_settings->key_version_head;