Fix multiple vulnerabilities
This commit is contained in:
Jorge Martins
30
src/main.c
30
src/main.c
@@ -480,6 +480,36 @@ void handleGetWalletId(volatile unsigned int *tx) {
|
||||
|
||||
#endif // HAVE_WALLET_ID_SDK
|
||||
|
||||
uint8_t *parseBip32(uint8_t *dataBuffer, uint16_t *dataLength, bip32_path_t *bip32) {
|
||||
if (*dataLength < 1) {
|
||||
PRINTF("Invalid data\n");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
bip32->length = *dataBuffer;
|
||||
|
||||
if (bip32->length < 0x1 || bip32->length > MAX_BIP32_PATH) {
|
||||
PRINTF("Invalid bip32\n");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
dataBuffer++;
|
||||
(*dataLength)--;
|
||||
|
||||
if (*dataLength < sizeof(uint32_t) * (bip32->length)) {
|
||||
PRINTF("Invalid data\n");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
for (uint8_t i = 0; i < bip32->length; i++) {
|
||||
bip32->path[i] = U4BE(dataBuffer, 0);
|
||||
dataBuffer += sizeof(uint32_t);
|
||||
*dataLength -= sizeof(uint32_t);
|
||||
}
|
||||
|
||||
return dataBuffer;
|
||||
}
|
||||
|
||||
void handleApdu(unsigned int *flags, unsigned int *tx) {
|
||||
unsigned short sw = 0;
|
||||
|
||||
|
||||
@@ -18,6 +18,11 @@
|
||||
|
||||
#define N_storage (*(volatile internalStorage_t *) PIC(&N_storage_real))
|
||||
|
||||
typedef struct bip32_path_t {
|
||||
uint8_t length;
|
||||
uint32_t path[MAX_BIP32_PATH];
|
||||
} bip32_path_t;
|
||||
|
||||
typedef struct internalStorage_t {
|
||||
unsigned char dataAllowed;
|
||||
unsigned char contractDetails;
|
||||
@@ -82,8 +87,7 @@ typedef union extraInfo_t {
|
||||
} extraInfo_t;
|
||||
|
||||
typedef struct transactionContext_t {
|
||||
uint8_t pathLength;
|
||||
uint32_t bip32Path[MAX_BIP32_PATH];
|
||||
bip32_path_t bip32;
|
||||
uint8_t hash[INT256_LENGTH];
|
||||
union extraInfo_t extraInfo[MAX_ITEMS];
|
||||
uint8_t tokenSet[MAX_ITEMS];
|
||||
@@ -91,15 +95,13 @@ typedef struct transactionContext_t {
|
||||
} transactionContext_t;
|
||||
|
||||
typedef struct messageSigningContext_t {
|
||||
uint8_t pathLength;
|
||||
uint32_t bip32Path[MAX_BIP32_PATH];
|
||||
bip32_path_t bip32;
|
||||
uint8_t hash[INT256_LENGTH];
|
||||
uint32_t remainingLength;
|
||||
} messageSigningContext_t;
|
||||
|
||||
typedef struct messageSigningContext712_t {
|
||||
uint8_t pathLength;
|
||||
uint32_t bip32Path[MAX_BIP32_PATH];
|
||||
bip32_path_t bip32;
|
||||
uint8_t domainHash[32];
|
||||
uint8_t messageHash[32];
|
||||
} messageSigningContext712_t;
|
||||
@@ -217,5 +219,6 @@ extern uint32_t eth2WithdrawalIndex;
|
||||
#endif
|
||||
|
||||
void reset_app_context(void);
|
||||
uint8_t *parseBip32(uint8_t *, uint16_t *, bip32_path_t *);
|
||||
|
||||
#endif // _SHARED_CONTEXT_H_
|
||||
|
||||
Reference in New Issue
Block a user