diff --git a/app/src/apdu_handler.c b/app/src/apdu_handler.c index 3222c96f..a7ed6dc5 100644 --- a/app/src/apdu_handler.c +++ b/app/src/apdu_handler.c @@ -63,6 +63,7 @@ __Z_INLINE void handle_getversion(__Z_UNUSED volatile uint32_t *flags, volatile } __Z_INLINE uint8_t extractHRP(uint32_t rx, uint32_t offset) { + uint8_t hrp_len = 0; if (rx < offset + 1) { THROW(APDU_CODE_DATA_INVALID); } @@ -77,10 +78,15 @@ __Z_INLINE uint8_t extractHRP(uint32_t rx, uint32_t offset) { memcpy(bech32_hrp, G_io_apdu_buffer + offset + 1, bech32_hrp_len); bech32_hrp[bech32_hrp_len] = 0; // zero terminate - return bech32_hrp_len; + hrp_len = bech32_hrp_len; + return hrp_len; } __Z_INLINE void extractHDPath(uint32_t rx, uint32_t offset) { + if (rx < offset + 1) { + THROW(APDU_CODE_DATA_INVALID); + } + if ((rx - offset) < sizeof(uint32_t) * HDPATH_LEN_DEFAULT) { THROW(APDU_CODE_WRONG_LENGTH); } @@ -110,8 +116,8 @@ static void extractHDPath_HRP(uint32_t rx, uint32_t offset) { // Check if HRP was sent if ((rx - offset) > sizeof(uint32_t) * HDPATH_LEN_DEFAULT) { - extractHRP(rx, offset + sizeof(uint32_t) * HDPATH_LEN_DEFAULT); - encoding = checkChainConfig(hdPath[1], bech32_hrp, bech32_hrp_len); + uint8_t hrp_bech32_len = extractHRP(rx, offset + sizeof(uint32_t) * HDPATH_LEN_DEFAULT); + encoding = checkChainConfig(hdPath[1], bech32_hrp, hrp_bech32_len); if (encoding == UNSUPPORTED) { ZEMU_LOGF(50, "Chain config not supported for: %s\n", bech32_hrp) THROW(APDU_CODE_COMMAND_NOT_ALLOWED); diff --git a/app/src/cbor/cbor_parser_helper.c b/app/src/cbor/cbor_parser_helper.c index a6d02b4a..59af1ee3 100644 --- a/app/src/cbor/cbor_parser_helper.c +++ b/app/src/cbor/cbor_parser_helper.c @@ -35,6 +35,9 @@ parser_error_t parser_mapCborError(CborError err) { } static parser_error_t cbor_check_optFields(CborValue *data, Cbor_container *container) { + if (data == NULL || container == NULL) { + return parser_unexpected_value; + } int key; for (size_t i = 0; i < container->n_field; i++) { @@ -67,6 +70,10 @@ static parser_error_t cbor_check_optFields(CborValue *data, Cbor_container *cont } static parser_error_t cbor_check_screen(CborValue *data, Cbor_container *container) { + if (data == NULL || container == NULL) { + return parser_unexpected_value; + } + int screen_key; //check title Key PARSER_ASSERT_OR_ERROR(cbor_value_is_integer(data), parser_unexpected_type) diff --git a/app/src/crypto.c b/app/src/crypto.c index f2972e4e..12f29145 100644 --- a/app/src/crypto.c +++ b/app/src/crypto.c @@ -29,7 +29,7 @@ uint32_t hdPath[HDPATH_LEN_DEFAULT]; uint8_t bech32_hrp_len; char bech32_hrp[MAX_BECH32_HRP_LEN + 1]; -address_encoding_e encoding; +address_encoding_e encoding = BECH32_COSMOS; #include "cx.h" @@ -73,15 +73,7 @@ static zxerr_t crypto_extractUncompressedPublicKey(uint8_t *pubKey, uint16_t pub __Z_INLINE zxerr_t compressPubkey(const uint8_t *pubkey, uint16_t pubkeyLen, uint8_t *output, uint16_t outputLen) { if (pubkey == NULL || output == NULL || pubkeyLen != PK_LEN_SECP256K1_UNCOMPRESSED || outputLen < PK_LEN_SECP256K1) { - return zxerr_unknown; - } - - // Format pubkey - for (int i = 0; i < 32; i++) { - output[i] = pubkey[64 - i]; - } - if ((pubkey[32] & 1) != 0) { - output[31] |= 0x80; + return zxerr_invalid_crypto_settings; } MEMCPY(output, pubkey, PK_LEN_SECP256K1); diff --git a/app/src/crypto.h b/app/src/crypto.h index 12a0ea6e..7b216290 100644 --- a/app/src/crypto.h +++ b/app/src/crypto.h @@ -33,8 +33,6 @@ extern char bech32_hrp[MAX_BECH32_HRP_LEN + 1]; extern uint8_t bech32_hrp_len; extern address_encoding_e encoding; -void crypto_set_hrp(char *p); - zxerr_t crypto_fillAddress(uint8_t *buffer, uint16_t bufferLen, uint16_t *addrResponseLen); zxerr_t crypto_sign(uint8_t *signature, uint16_t signatureMaxlen, uint16_t *signatureLen); diff --git a/app/src/parser.c b/app/src/parser.c index 0292e760..96d971e5 100644 --- a/app/src/parser.c +++ b/app/src/parser.c @@ -467,7 +467,7 @@ __Z_INLINE parser_error_t parser_getJsonItem(const parser_context_t *ctx, return parser_unexpected_number_items; } - if (displayIdx < 0 || displayIdx >= numItems) { + if (displayIdx >= numItems) { return parser_display_idx_out_of_range; }