aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorluigi1111 <luigi1111w@gmail.com>2019-10-25 16:06:37 -0500
committerluigi1111 <luigi1111w@gmail.com>2019-10-25 16:06:37 -0500
commit7caa2b0d3e71066c4f2c8fe0e3ca5642a4e74ec3 (patch)
treed3eb13e49e3f2f9dc0f4ed7baf0d60e2d9b0d236
parentMerge pull request #5958 (diff)
parentdevice: bounds checking in Ledger send_secret/receive_secret (diff)
downloadmonero-7caa2b0d3e71066c4f2c8fe0e3ca5642a4e74ec3.tar.xz
Merge pull request #6024
296ec7c device: bounds checking in Ledger send_secret/receive_secret (xiphon)
-rw-r--r--src/device/device_ledger.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/device/device_ledger.cpp b/src/device/device_ledger.cpp
index b89fb0827..49f54e5a5 100644
--- a/src/device/device_ledger.cpp
+++ b/src/device/device_ledger.cpp
@@ -357,9 +357,11 @@ namespace hw {
void device_ledger::send_secret(const unsigned char sec[32], int &offset) {
MDEBUG("send_secret: " << this->tx_in_progress);
+ ASSERT_X(offset + 32 <= BUFFER_SEND_SIZE, "send_secret: out of bounds write (secret)");
memmove(this->buffer_send+offset, sec, 32);
offset +=32;
if (this->tx_in_progress) {
+ ASSERT_X(offset + 32 <= BUFFER_SEND_SIZE, "send_secret: out of bounds write (mac)");
this->hmac_map.find_mac((uint8_t*)sec, this->buffer_send+offset);
offset += 32;
}
@@ -367,9 +369,11 @@ namespace hw {
void device_ledger::receive_secret(unsigned char sec[32], int &offset) {
MDEBUG("receive_secret: " << this->tx_in_progress);
+ ASSERT_X(offset + 32 <= BUFFER_RECV_SIZE, "receive_secret: out of bounds read (secret)");
memmove(sec, this->buffer_recv+offset, 32);
offset += 32;
if (this->tx_in_progress) {
+ ASSERT_X(offset + 32 <= BUFFER_RECV_SIZE, "receive_secret: out of bounds read (mac)");
this->hmac_map.add_mac((uint8_t*)sec, this->buffer_recv+offset);
offset += 32;
}