Merge pull request #5729

7c894fc device_ledger: add paranoid buffer overflow check (moneromooo-monero)
f07524b device_ledger: fix uninitialized additional_key (moneromooo-monero)

2 files changed, 4 insertions, 2 deletions

diff --git a/src/device/device_ledger.cpp b/src/device/device_ledger.cpp
index eba633da8..2d91b881b 100644
--- a/src/device/device_ledger.cpp
+++ b/src/device/device_ledger.cpp
@@ -320,7 +320,9 @@ namespace hw {
     bool device_ledger::reset() {
       reset_buffer();
       int offset = set_command_header_noopt(INS_RESET);
-      memmove(this->buffer_send+offset, MONERO_VERSION, strlen(MONERO_VERSION));
+      const size_t verlen = strlen(MONERO_VERSION);
+      ASSERT_X(offset + verlen <= BUFFER_SEND_SIZE, "MONERO_VERSION is too long")
+      memmove(this->buffer_send+offset, MONERO_VERSION, verlen);
       offset += strlen(MONERO_VERSION);
       this->buffer_send[4] = offset-5;
       this->length_send = offset;
diff --git a/src/device/device_ledger.hpp b/src/device/device_ledger.hpp
index fe9028733..986087128 100644
--- a/src/device/device_ledger.hpp
+++ b/src/device/device_ledger.hpp
@@ -76,7 +76,7 @@ namespace hw {
         rct::key AKout;
         ABPkeys(const rct::key& A, const rct::key& B, const bool is_subaddr, bool is_subaddress, bool is_change_address, size_t index, const rct::key& P,const rct::key& AK);
         ABPkeys(const ABPkeys& keys) ;
-        ABPkeys() {index=0;is_subaddress=false;is_subaddress=false;is_change_address=false;}
+        ABPkeys() {index=0;is_subaddress=false;is_change_address=false;additional_key=false;}
         ABPkeys &operator=(const ABPkeys &keys);
     };