Fix multiple vulnerabilities

2022-07-08 11:12:50 +02:00
parent 4eb7109b86
commit e0218520d8
20 changed files with 166 additions and 168 deletions
--- a/src_common/ethUstream.c
+++ b/src_common/ethUstream.c
@@ -296,6 +296,12 @@ static void processV(txContext_t *context) {
        PRINTF("Invalid type for RLP_V\n");
        THROW(EXCEPTION);
    }
+
+    if (context->currentFieldLength > sizeof(context->content->v)) {
+        PRINTF("Invalid length for RLP_V\n");
+        THROW(EXCEPTION);
+    }
+
    if (context->currentFieldPos < context->currentFieldLength) {
        uint32_t copySize =
            MIN(context->commandLength, context->currentFieldLength - context->currentFieldPos);
--- a/src_common/uint256.c
+++ b/src_common/uint256.c
@@ -476,6 +476,11 @@ bool tostring256(uint256_t *number, uint32_t baseParam, char *out, uint32_t outL
        divmod256(&rDiv, &base, &rDiv, &rMod);
        out[offset++] = HEXDIGITS[(uint8_t) LOWER(LOWER(rMod))];
    } while (!zero256(&rDiv));
+
+    if (offset > (outLength - 1)) {
+        return false;
+    }
+
    out[offset] = '\0';
    reverseString(out, offset);
    return true;