Security Review 1.16.0 by bboilot-ledger · Pull Request #760 · LedgerHQ/app-ethereum

bboilot-ledger · 2025-03-26T17:42:17Z

Description

This PR is used to review the 1.16.0 release of the Ethereum app.
The target branch will be set to develop once the review is finished and the fixes are pushed on the branch. It will be kept as draft to avoid any unwanted merge.

Changes include

Bugfix (non-breaking change that solves an issue)
New feature (non-breaking change that adds functionality)
Breaking change (change that is not backwards-compatible and/or changes current functionality)
Tests
Documentation
Other (for changes that might not fit in any category)

Breaking changes

Please complete this section if any breaking changes have been made, otherwise delete it.

Additional comments

Please post additional comments in this section if you have them, otherwise delete it.

bboilot-ledger

@apaillier-ledger @cedelavergne-ledger Hi 👋, here is a first batch of comments on the tx simulation feature. I will start a fuzzing campaign for tonight.

bboilot-ledger

Few comments regarding the current allocator. Dirty fixes can be enough since we're planning on switching to a real allocator in the next release.
Would recommend taking a look at https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html :)

bboilot-ledger · 2025-03-31T14:24:40Z

In add_to_field_table, strlen must be computed after the NULL check. (can't add a review on that since its not part of the modifications).

bboilot-ledger · 2025-03-31T14:47:33Z

Fuzzers should pass once the review's recommendations are implemented.

apaillier-ledger · 2025-04-07T16:09:00Z

In add_to_field_table, strlen must be computed after the NULL check. (can't add a review on that since its not part of the modifications).

@bboilot-ledger
Done in 5996919

bboilot-ledger commented Mar 27, 2025

View reviewed changes

bboilot-ledger commented Mar 28, 2025

View reviewed changes

Comment thread src_features/provide_network_info/network_info.c Outdated

Comment thread src_features/provide_tx_simulation/cmd_get_tx_simulation.c

Comment thread src_features/provide_network_info/network_info.c Outdated

Comment thread src_features/generic_tx_parser/calldata.c

bboilot-ledger commented Mar 31, 2025

View reviewed changes

Comment thread src/mem.c Outdated

Comment thread src/mem.c

Comment thread src/mem.c Outdated

bboilot-ledger force-pushed the security-review-1-16-0 branch from b0c2c79 to e4790d8 Compare March 31, 2025 14:45

bboilot-ledger commented Apr 1, 2025

View reviewed changes

Comment thread tests/ragger/test_tx_simulation.py

Comment thread tests/ragger/test_tx_simulation.py

Comment thread src_features/provide_tx_simulation/cmd_get_tx_simulation.c Outdated

bboilot-ledger requested review from apaillier-ledger and cedelavergne-ledger April 1, 2025 15:35

cedelavergne-ledger mentioned this pull request Apr 7, 2025

Update Security Audit 1.16.0 #766

Closed

1 task

bboilot-ledger and others added 9 commits April 7, 2025 17:39

test: fuzz 1.16.0 new features

266d0a7

ci: increase the cron fuzz job duration

25a16ee

Update snapshots

abc770f

Fix missing init appState when starting EIP712_v0 signature

ba8be2e

Rename functions to snake_case convention

fd622ec

Add static assert for buffer lengths

19dd343

Verify more fields based on simu type

c0f510e

Fix explicit_bzero size to reset

5a6ff2d

Move check_name in src/utils.c

5540e17

cedelavergne-ledger force-pushed the security-review-1-16-0 branch from e4790d8 to 5540e17 Compare April 7, 2025 15:40

apaillier-ledger added 4 commits April 7, 2025 18:01

Move NULL checks before strlen

5996919

Fix stripped_size value when right-stripping a calldata chunk

955058d

Add NULL check in calldata_cleanup

0b522b4

Add checks for overflow in memory allocator

de46712

apaillier-ledger force-pushed the security-review-1-16-0 branch from cf6853d to de46712 Compare April 7, 2025 16:07

bboilot-ledger and others added 2 commits April 8, 2025 11:36

fix: fuzzer harness due to function renaming

1b98b43

Remove useless comment

fbe953b

bboilot-ledger changed the base branch from master to develop April 8, 2025 13:25

bboilot-ledger marked this pull request as ready for review April 8, 2025 13:28

fix: false positive in the calldata fuzzing harness

1ff7182

bboilot-ledger force-pushed the security-review-1-16-0 branch from ab4e99c to 1ff7182 Compare April 8, 2025 13:42

apaillier-ledger approved these changes Apr 8, 2025

View reviewed changes

apaillier-ledger merged commit dbba2fb into develop Apr 8, 2025
201 checks passed

apaillier-ledger deleted the security-review-1-16-0 branch April 8, 2025 16:03

Conversation

bboilot-ledger commented Mar 26, 2025

Description

Changes include

Breaking changes

Additional comments

Uh oh!

bboilot-ledger left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

bboilot-ledger left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

bboilot-ledger commented Mar 31, 2025

Uh oh!

bboilot-ledger commented Mar 31, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

apaillier-ledger commented Apr 7, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

bboilot-ledger left a comment •

edited

Loading