diff options
author | luigi1111 <luigi1111w@gmail.com> | 2019-10-25 16:06:37 -0500 |
---|---|---|
committer | luigi1111 <luigi1111w@gmail.com> | 2019-10-25 16:06:37 -0500 |
commit | 7caa2b0d3e71066c4f2c8fe0e3ca5642a4e74ec3 (patch) | |
tree | d3eb13e49e3f2f9dc0f4ed7baf0d60e2d9b0d236 | |
parent | Merge pull request #5958 (diff) | |
parent | device: bounds checking in Ledger send_secret/receive_secret (diff) | |
download | monero-7caa2b0d3e71066c4f2c8fe0e3ca5642a4e74ec3.tar.xz |
Merge pull request #6024
296ec7c device: bounds checking in Ledger send_secret/receive_secret (xiphon)
-rw-r--r-- | src/device/device_ledger.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/device/device_ledger.cpp b/src/device/device_ledger.cpp index b89fb0827..49f54e5a5 100644 --- a/src/device/device_ledger.cpp +++ b/src/device/device_ledger.cpp @@ -357,9 +357,11 @@ namespace hw { void device_ledger::send_secret(const unsigned char sec[32], int &offset) { MDEBUG("send_secret: " << this->tx_in_progress); + ASSERT_X(offset + 32 <= BUFFER_SEND_SIZE, "send_secret: out of bounds write (secret)"); memmove(this->buffer_send+offset, sec, 32); offset +=32; if (this->tx_in_progress) { + ASSERT_X(offset + 32 <= BUFFER_SEND_SIZE, "send_secret: out of bounds write (mac)"); this->hmac_map.find_mac((uint8_t*)sec, this->buffer_send+offset); offset += 32; } @@ -367,9 +369,11 @@ namespace hw { void device_ledger::receive_secret(unsigned char sec[32], int &offset) { MDEBUG("receive_secret: " << this->tx_in_progress); + ASSERT_X(offset + 32 <= BUFFER_RECV_SIZE, "receive_secret: out of bounds read (secret)"); memmove(sec, this->buffer_recv+offset, 32); offset += 32; if (this->tx_in_progress) { + ASSERT_X(offset + 32 <= BUFFER_RECV_SIZE, "receive_secret: out of bounds read (mac)"); this->hmac_map.add_mac((uint8_t*)sec, this->buffer_recv+offset); offset += 32; } |