Fix multiple vulnerabilities

2022-07-08 11:12:50 +02:00
parent 4eb7109b86
commit e0218520d8
20 changed files with 166 additions and 168 deletions
--- a/src_features/stark_getPublicKey/cmd_stark_getPublicKey.c
+++ b/src_features/stark_getPublicKey/cmd_stark_getPublicKey.c
@@ -12,29 +12,28 @@ void handleStarkwareGetPublicKey(uint8_t p1,
                                 uint16_t dataLength,
                                 unsigned int *flags,
                                 unsigned int *tx) {
-    UNUSED(dataLength);
-    uint8_t privateKeyData[32];
-    uint32_t bip32Path[MAX_BIP32_PATH];
-    uint32_t i;
-    uint8_t bip32PathLength = *(dataBuffer++);
+    bip32_path_t bip32;
    cx_ecfp_private_key_t privateKey;
+    uint8_t privateKeyData[32];
+
    reset_app_context();
-    if ((bip32PathLength < 0x01) || (bip32PathLength > MAX_BIP32_PATH)) {
-        PRINTF("Invalid path\n");
-        THROW(0x6a80);
-    }
+
    if ((p1 != P1_CONFIRM) && (p1 != P1_NON_CONFIRM)) {
        THROW(0x6B00);
    }
+
    if (p2 != 0) {
        THROW(0x6B00);
    }
-    for (i = 0; i < bip32PathLength; i++) {
-        bip32Path[i] = U4BE(dataBuffer, 0);
-        dataBuffer += 4;
+
+    dataBuffer = parseBip32(dataBuffer, &dataLength, &bip32);
+
+    if (dataBuffer == NULL) {
+        THROW(0x6a80);
    }
+
    io_seproxyhal_io_heartbeat();
-    starkDerivePrivateKey(bip32Path, bip32PathLength, privateKeyData);
+    starkDerivePrivateKey(bip32.path, bip32.length, privateKeyData);
    cx_ecfp_init_private_key(CX_CURVE_Stark256, privateKeyData, 32, &privateKey);
    io_seproxyhal_io_heartbeat();
    cx_ecfp_generate_pair(CX_CURVE_Stark256, &tmpCtx.publicKeyContext.publicKey, &privateKey, 1);