diff --git a/src/features/generic_tx_parser/gtp_param_calldata.c b/src/features/generic_tx_parser/gtp_param_calldata.c
index fa6f887878..815ebf11a1 100644
--- a/src/features/generic_tx_parser/gtp_param_calldata.c
+++ b/src/features/generic_tx_parser/gtp_param_calldata.c
@@ -7,6 +7,7 @@
 #include "utils.h"
 #include "read.h"
 #include "tx_ctx.h"
+#include "mem.h"
 enum {
 TAG_VERSION = 0x00,
@@ -146,8 +147,11 @@ static bool process_nested_calldata(const s_param_calldata *param,
 calldata_length = calldata->length - CALLDATA_SELECTOR_SIZE;
 }
- if (((new_calldata = calldata_init(calldata_length, selector_buf)) == NULL) ||
- !calldata_append(new_calldata, calldata_buf, calldata_length)) {
+ if ((new_calldata = calldata_init(calldata_length, selector_buf)) == NULL) {
+ return false;
+ }
+ if (!calldata_append(new_calldata, calldata_buf, calldata_length)) {
+ app_mem_free(new_calldata);
 return false;
 }
 }
diff --git a/src/features/provide_trusted_name/trusted_name.c b/src/features/provide_trusted_name/trusted_name.c
index daf516fbb9..3ee3cd59e9 100644
--- a/src/features/provide_trusted_name/trusted_name.c
+++ b/src/features/provide_trusted_name/trusted_name.c
@@ -659,7 +659,7 @@ bool verify_trusted_name_struct(const s_trusted_name_ctx *context) {
 return false;
 }
- size_t name_length = strlen(context->trusted_name.name);
+ size_t name_length = strnlen(context->trusted_name.name, sizeof(context->trusted_name.name));
 if ((context->trusted_name.struct_version == 1) ||
 ((context->trusted_name.name_type == TN_TYPE_ACCOUNT) &&
 (context->trusted_name.name_source == TN_SOURCE_ENS))) {
diff --git a/src/features/signTx/ethUstream.c b/src/features/signTx/ethUstream.c
index 46628a303b..7f954a3bfe 100644
--- a/src/features/signTx/ethUstream.c
+++ b/src/features/signTx/ethUstream.c
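Review bot: In process_nested_calldata (gtp_param_calldata.c), the new failure path releases `new_calldata` with a plain `app_mem_free`, which is only enough if `calldata_init` makes a single allocation. If the calldata object owns further buffers (its definition is not visible here), a failed `calldata_append` could leave them allocated, so the object's own teardown routine, if it has one, would be the safer call. A short comment such as `// append failed: release the partially built calldata` would also record why the combined condition was split. The function body starts and ends outside the hunk.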
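Review bot: In verify_trusted_name_struct (trusted_name.c), `strnlen` returns `sizeof(context->trusted_name.name)` when the buffer holds no terminator, and the hunk does not show that value being rejected. Any later code that still treats `name` as a C string would read past the field, so consider failing early with `if (name_length == sizeof(context->trusted_name.name)) return false;`. The bound is also only meaningful if `name` is an array member rather than a pointer, which the hunk does not show. The function continues outside the hunk.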
@@ -175,7 +175,9 @@ static bool processChainID(txContext_t *context) {
 if (context->currentFieldPos < context->currentFieldLength) {
 uint32_t copySize =
 MIN(context->commandLength, context->currentFieldLength - context->currentFieldPos);
- if (copyTxData(context, context->content->chainID.value, copySize) == false) {
+ if (copyTxData(context,
+ context->content->chainID.value + context->currentFieldPos,
+ copySize) == false) {
 return false;
 }
 }
@@ -195,7 +197,9 @@ static bool processNonce(txContext_t *context) {
 if (context->currentFieldPos < context->currentFieldLength) {
 uint32_t copySize =
 MIN(context->commandLength, context->currentFieldLength - context->currentFieldPos);
- if (copyTxData(context, context->content->nonce.value, copySize) == false) {
+ if (copyTxData(context,
+ context->content->nonce.value + context->currentFieldPos,
+ copySize) == false) {
 return false;
 }
 }
diff --git a/src/plugins/eip7002/eip7002_plugin.c b/src/plugins/eip7002/eip7002_plugin.c
index 9bdeba32ba..4a39f4dc18 100644
--- a/src/plugins/eip7002/eip7002_plugin.c
+++ b/src/plugins/eip7002/eip7002_plugin.c
@@ -37,9 +37,15 @@ static void eip7002_plugin_init_contract(ethPluginInitContract_t *param) {
 eip7002_context_t *context = (eip7002_context_t *) param->pluginContext;
 explicit_bzero(context, sizeof(*context));
- memcpy(&context->withdrawal_request[context->received], param->selector, SELECTOR_SIZE);
- context->received += SELECTOR_SIZE;
- param->result = ETH_PLUGIN_RESULT_OK;
+ if ((context->received + CALLDATA_SELECTOR_SIZE) > sizeof(context->withdrawal_request)) {
+ param->result = ETH_PLUGIN_RESULT_ERROR;
+ } else {
+ memcpy(&context->withdrawal_request[context->received],
+ param->selector,
+ CALLDATA_SELECTOR_SIZE);
+ context->received += CALLDATA_SELECTOR_SIZE;
+ param->result = ETH_PLUGIN_RESULT_OK;
+ }
 }
 static void eip7002_plugin_provider_parameter(ethPluginProvideParameter_t *param) {
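Review bot: In processChainID and processNonce (ethUstream.c), the destination now advances by `context->currentFieldPos`, so the write stays inside `chainID.value` / `nonce.value` only if `currentFieldLength` can never exceed the size of those buffers. That bound is not visible in either hunk; if it is not enforced earlier in each function, add a check such as `if (context->currentFieldLength > sizeof(context->content->chainID.value)) return false;` before the copy (and the `nonce.value` equivalent), assuming `value` is a fixed-size array. A one-line comment on the offset, e.g. `// resume at currentFieldPos: the field may arrive over several APDUs`, would document why the pointer is advanced. Both function bodies start and end outside the hunks.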
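Review bot: In eip7002_plugin_init_contract, the new bounds test runs immediately after `explicit_bzero(context, sizeof(*context))`, so `context->received` is always 0 and the error branch cannot be taken at runtime. A build-time assertion states the intent more directly, e.g. `_Static_assert(sizeof(((eip7002_context_t *) 0)->withdrawal_request) >= CALLDATA_SELECTOR_SIZE, "selector must fit");`, or keep the check with a comment saying it guards against future layout changes. The same applies to eip7251_plugin_init_contract later in this commit. Separately, `param->pluginContext` is passed to `explicit_bzero` without a NULL test, which the dispatcher's new `param != NULL` guard does not cover.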
@@ -47,12 +53,13 @@ static void eip7002_plugin_provider_parameter(ethPluginProvideParameter_t *param
 if ((context->received + param->parameter_size) > sizeof(context->withdrawal_request)) {
 param->result = ETH_PLUGIN_RESULT_ERROR;
+ } else {
+ memcpy(&context->withdrawal_request[context->received],
+ param->parameter,
+ param->parameter_size);
+ context->received += param->parameter_size;
+ param->result = ETH_PLUGIN_RESULT_OK;
 }
- memcpy(&context->withdrawal_request[context->received],
- param->parameter,
- param->parameter_size);
- context->received += param->parameter_size;
- param->result = ETH_PLUGIN_RESULT_OK;
 }
 static void eip7002_plugin_finalize(ethPluginFinalize_t *param) {
@@ -84,6 +91,9 @@ static void eip7002_plugin_query_contract_ui(ethQueryContractUI_t *param) {
 switch (param->screenIndex) {
 case 0:
+ if (param->msgLength < 2) {
+ return;
+ }
 strlcpy(param->title, "Validator", param->titleLength);
 memcpy(param->msg, "0x", 2);
 format_hex(context->validator_pubkey,
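Review bot: In eip7002_plugin_provider_parameter, the guard `(context->received + param->parameter_size) > sizeof(context->withdrawal_request)` adds an externally supplied size to the running offset before comparing, and whether that sum can wrap depends on field types the hunk does not show. Writing the test as a subtraction removes the question: `if (param->parameter_size > sizeof(context->withdrawal_request) - context->received) {`. That form is safe as long as `received` never exceeds the buffer size, which the new `else` branch now guarantees. The same expression appears in eip7251_plugin_provider_parameter.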
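Review bot: In eip7002_plugin_query_contract_ui, the new `if (param->msgLength < 2) { return; }` leaves `param->result` untouched, so the caller sees whatever value the field held before the call. Setting `param->result = ETH_PLUGIN_RESULT_ERROR;` before the return makes the failure explicit. The guard sits only in `case 0`; the other screens are outside the hunk and may need the same check before writing the "0x" prefix. eip7251_plugin_query_contract_ui has the same gap: when `msgLength < 2` it skips the `if` body and returns without assigning a result.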
@@ -110,23 +120,25 @@ static void eip7002_plugin_query_contract_ui(ethQueryContractUI_t *param) {
 }
 void eip7002_plugin_call(eth_plugin_msg_t msg, void *param) {
- switch (msg) {
- case ETH_PLUGIN_INIT_CONTRACT:
- eip7002_plugin_init_contract(param);
- break;
- case ETH_PLUGIN_PROVIDE_PARAMETER:
- eip7002_plugin_provider_parameter(param);
- break;
- case ETH_PLUGIN_FINALIZE:
- eip7002_plugin_finalize(param);
- break;
- case ETH_PLUGIN_QUERY_CONTRACT_ID:
- eip7002_plugin_query_contract_id(param);
- break;
- case ETH_PLUGIN_QUERY_CONTRACT_UI:
- eip7002_plugin_query_contract_ui(param);
- break;
- default:
- PRINTF("Unhandled message 0x%x\n", msg);
+ if (param != NULL) {
+ switch (msg) {
+ case ETH_PLUGIN_INIT_CONTRACT:
+ eip7002_plugin_init_contract(param);
+ break;
+ case ETH_PLUGIN_PROVIDE_PARAMETER:
+ eip7002_plugin_provider_parameter(param);
+ break;
+ case ETH_PLUGIN_FINALIZE:
+ eip7002_plugin_finalize(param);
+ break;
+ case ETH_PLUGIN_QUERY_CONTRACT_ID:
+ eip7002_plugin_query_contract_id(param);
+ break;
+ case ETH_PLUGIN_QUERY_CONTRACT_UI:
+ eip7002_plugin_query_contract_ui(param);
+ break;
+ default:
+ PRINTF("Unhandled message 0x%x\n", msg);
+ }
 }
 }
diff --git a/src/plugins/eip7251/eip7251_plugin.c b/src/plugins/eip7251/eip7251_plugin.c
index 778b0555a7..c81d071fcd 100644
--- a/src/plugins/eip7251/eip7251_plugin.c
+++ b/src/plugins/eip7251/eip7251_plugin.c
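Review bot: In eip7002_plugin_call, wrapping the whole `switch` in `if (param != NULL) { ... }` re-indents every case and buries a one-line change; a guard clause `if (param == NULL) { return; }` at the top, as eth2_plugin_call does in this same commit, keeps the dispatcher flat. Either way the NULL case is dropped silently while the `default` branch logs, so a `PRINTF` on the NULL path would keep the two consistent. eip7251_plugin_call uses the same nested form.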
@@ -39,9 +39,15 @@ static void eip7251_plugin_init_contract(ethPluginInitContract_t *param) {
 eip7251_context_t *context = (eip7251_context_t *) param->pluginContext;
 explicit_bzero(context, sizeof(*context));
- memcpy(&context->consolidation_request[context->received], param->selector, SELECTOR_SIZE);
- context->received += SELECTOR_SIZE;
- param->result = ETH_PLUGIN_RESULT_OK;
+ if ((context->received + CALLDATA_SELECTOR_SIZE) > sizeof(context->consolidation_request)) {
+ param->result = ETH_PLUGIN_RESULT_ERROR;
+ } else {
+ memcpy(&context->consolidation_request[context->received],
+ param->selector,
+ CALLDATA_SELECTOR_SIZE);
+ context->received += CALLDATA_SELECTOR_SIZE;
+ param->result = ETH_PLUGIN_RESULT_OK;
+ }
 }
 static void eip7251_plugin_provider_parameter(ethPluginProvideParameter_t *param) {
@@ -49,12 +55,13 @@ static void eip7251_plugin_provider_parameter(ethPluginProvideParameter_t *param
 if ((context->received + param->parameter_size) > sizeof(context->consolidation_request)) {
 param->result = ETH_PLUGIN_RESULT_ERROR;
+ } else {
+ memcpy(&context->consolidation_request[context->received],
+ param->parameter,
+ param->parameter_size);
+ context->received += param->parameter_size;
+ param->result = ETH_PLUGIN_RESULT_OK;
 }
- memcpy(&context->consolidation_request[context->received],
- param->parameter,
- param->parameter_size);
- context->received += param->parameter_size;
- param->result = ETH_PLUGIN_RESULT_OK;
 }
 static void eip7251_plugin_finalize(ethPluginFinalize_t *param) {
@@ -80,50 +87,54 @@ static void eip7251_plugin_query_contract_id(ethQueryContractID_t *param) {
 static void eip7251_plugin_query_contract_ui(ethQueryContractUI_t *param) {
 eip7251_context_t *context = (eip7251_context_t *) param->pluginContext;
- memcpy(param->msg, "0x", 2);
- switch (param->screenIndex) {
- case 0:
- if (target_equals_source(context)) {
- strlcpy(param->title, "Validator", param->titleLength);
- } else {
- strlcpy(param->title, "From validator", param->titleLength);
- }
- format_hex(context->source_pubkey,
- sizeof(context->source_pubkey),
- ¶m->msg[2],
- param->msgLength - 2);
- break;
- case 1:
- strlcpy(param->title, "To validator", param->titleLength);
- format_hex(context->target_pubkey,
- sizeof(context->target_pubkey),
- ¶m->msg[2],
- param->msgLength - 2);
- break;
- default:
- break;
+ if (param->msgLength >= 2) {
+ memcpy(param->msg, "0x", 2);
+ switch (param->screenIndex) {
+ case 0:
+ if (target_equals_source(context)) {
+ strlcpy(param->title, "Validator", param->titleLength);
+ } else {
+ strlcpy(param->title, "From validator", param->titleLength);
+ }
+ format_hex(context->source_pubkey,
+ sizeof(context->source_pubkey),
+ ¶m->msg[2],
+ param->msgLength - 2);
+ break;
+ case 1:
+ strlcpy(param->title, "To validator", param->titleLength);
+ format_hex(context->target_pubkey,
+ sizeof(context->target_pubkey),
+ ¶m->msg[2],
+ param->msgLength - 2);
+ break;
+ default:
+ break;
+ }
+ param->result = ETH_PLUGIN_RESULT_OK;
 }
- param->result = ETH_PLUGIN_RESULT_OK;
 }
 void eip7251_plugin_call(eth_plugin_msg_t msg, void *param) {
- switch (msg) {
- case ETH_PLUGIN_INIT_CONTRACT:
- eip7251_plugin_init_contract(param);
- break;
- case ETH_PLUGIN_PROVIDE_PARAMETER:
- eip7251_plugin_provider_parameter(param);
- break;
- case ETH_PLUGIN_FINALIZE:
- eip7251_plugin_finalize(param);
- break;
- case ETH_PLUGIN_QUERY_CONTRACT_ID:
- eip7251_plugin_query_contract_id(param);
- break;
- case ETH_PLUGIN_QUERY_CONTRACT_UI:
- eip7251_plugin_query_contract_ui(param);
- break;
- default:
- PRINTF("Unhandled message 0x%x\n", msg);
+ if (param != NULL) {
+ switch (msg) {
+ case ETH_PLUGIN_INIT_CONTRACT:
+ eip7251_plugin_init_contract(param);
+ break;
+ case ETH_PLUGIN_PROVIDE_PARAMETER:
+ eip7251_plugin_provider_parameter(param);
+ break;
+ case ETH_PLUGIN_FINALIZE:
+ eip7251_plugin_finalize(param);
+ break;
+ case ETH_PLUGIN_QUERY_CONTRACT_ID:
+ eip7251_plugin_query_contract_id(param);
+ break;
+ case ETH_PLUGIN_QUERY_CONTRACT_UI:
+ eip7251_plugin_query_contract_ui(param);
+ break;
+ default:
+ PRINTF("Unhandled message 0x%x\n", msg);
+ }
 }
 }
diff --git a/src/plugins/erc20/erc20_plugin.c b/src/plugins/erc20/erc20_plugin.c
index 252856020f..331528f7f2 100644
--- a/src/plugins/erc20/erc20_plugin.c
+++ b/src/plugins/erc20/erc20_plugin.c
@@ -103,8 +103,13 @@ void erc20_plugin_call(eth_plugin_msg_t message, void *parameters) {
 memmove(context->extra_data + extra_data_offset,
 msg->parameter,
 CALLDATA_CHUNK_SIZE);
- context->extra_data_len += msg->parameter_size;
- msg->result = ETH_PLUGIN_RESULT_OK;
+ if (msg->parameter_size <= CALLDATA_CHUNK_SIZE) {
+ context->extra_data_len += msg->parameter_size;
+ msg->result = ETH_PLUGIN_RESULT_OK;
+ } else {
+ PRINTF("Error: wrong parameter size!\n");
+ msg->result = ETH_PLUGIN_RESULT_ERROR;
+ }
 } else {
 PRINTF("Extra data too long to buffer\n");
 context->extra_data_len = 0;
diff --git a/src/plugins/eth2/eth2_plugin.c b/src/plugins/eth2/eth2_plugin.c
index e29789aa07..0b3f512b4c 100644
--- a/src/plugins/eth2/eth2_plugin.c
+++ b/src/plugins/eth2/eth2_plugin.c
@@ -39,6 +39,9 @@ typedef struct eth2_deposit_parameters_t {
 } eth2_deposit_parameters_t;
 void eth2_plugin_call(eth_plugin_msg_t message, void *parameters) {
+ if (parameters == NULL) {
+ return;
+ }
 switch (message) {
 case ETH_PLUGIN_INIT_CONTRACT: {
 ethPluginInitContract_t *msg = (ethPluginInitContract_t *) parameters;
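Review bot: In erc20_plugin_call, the new `msg->parameter_size <= CALLDATA_CHUNK_SIZE` test runs after the `memmove` into `context->extra_data` has already happened, so an oversized parameter is reported only once the buffer has been written. Moving the test ahead of the `memmove`, or folding it into the enclosing condition (which is outside the hunk), rejects the input before any state changes. The error branch also leaves `context->extra_data_len` as it was, whereas the neighbouring "Extra data too long to buffer" branch resets it to 0; adding `context->extra_data_len = 0;` here would keep the two failure paths consistent.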
@@ -51,6 +54,7 @@ void eth2_plugin_call(eth_plugin_msg_t message, void *parameters) { ethPluginProvideParameter_t *msg = (ethPluginProvideParameter_t *) parameters; eth2_deposit_parameters_t *context = (eth2_deposit_parameters_t *) msg->pluginContext; uint32_t index; + PRINTF("eth2 plugin provide parameter %d %.*H\n", msg->parameterOffset, 32,