Merge pull request #24 from Zondax/dev

Fixes

app/Makefile

@@ -74,9 +74,6 @@ INCLUDES_PATH += $(BOLOS_SDK)/lib_cxng/src
 rust:
 	@echo "No rust code"
 
-# Before linking, we need to be sure rust lib is there
-bin/app.elf: rust
-
 .PHONY: rust_clean
 rust_clean:
 	@echo "No rust code"

app/Makefile.version

@@ -3,4 +3,4 @@ APPVERSION_M=0
 # This is the `spec_version` field of `Runtime`
 APPVERSION_N=0
 # This is the patch version of this release
-APPVERSION_P=13
+APPVERSION_P=14

app/src/apdu_handler.c

@@ -111,7 +111,7 @@ __Z_INLINE void handleSignTransaction(volatile uint32_t *flags, volatile uint32_
     CHECK_APP_CANARY()
 
     if (error_msg != NULL) {
-        int error_msg_length = strlen(error_msg);
+        const int error_msg_length = strnlen(error_msg, sizeof(G_io_apdu_buffer));
         memcpy(G_io_apdu_buffer, error_msg, error_msg_length);
         *tx += (error_msg_length);
         THROW(APDU_CODE_DATA_INVALID);

app/src/coin.h

@@ -25,7 +25,7 @@ extern "C" {
 #define HDPATH_0_DEFAULT     (0x80000000u | 0x2cu)   //44
 
 #define HDPATH_1_DEFAULT     (0x80000000u | 0x36d)  //877
-#define HDPATH_1_TESTNET     (0x80000000u | 0x36d)  //877
+#define HDPATH_1_TESTNET     (0x80000000u | 0x01)  //1
 
 #define HDPATH_2_DEFAULT     (0x80000000u | 0u)
 #define HDPATH_3_DEFAULT     (0u)

app/src/crypto_helper.c

@@ -125,6 +125,7 @@ zxerr_t crypto_hashExtraDataSection(const section_t *extraData, uint8_t *output,
          return zxerr_invalid_crypto_settings;
     }
 
+    const uint32_t extraDataTagLen = extraData->tag.len;
 #if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX)
     cx_sha256_t sha256 = {0};
     cx_sha256_init(&sha256);
@@ -133,8 +134,8 @@ zxerr_t crypto_hashExtraDataSection(const section_t *extraData, uint8_t *output,
     CHECK_CX_OK(cx_sha256_update(&sha256, extraData->bytes.ptr, extraData->bytes.len));
     uint8_t has_tag = (extraData->tag.ptr == NULL) ? 0 : 1;
     CHECK_CX_OK(cx_sha256_update(&sha256, &has_tag, 1));
-    CHECK_CX_OK(cx_sha256_update(&sha256, (uint8_t*) &extraData->tag.len, has_tag*sizeof(extraData->tag.len)));
-    CHECK_CX_OK(cx_sha256_update(&sha256, extraData->tag.ptr, has_tag*extraData->tag.len));
+    CHECK_CX_OK(cx_sha256_update(&sha256, (uint8_t*) &extraDataTagLen, has_tag*sizeof(extraDataTagLen)));
+    CHECK_CX_OK(cx_sha256_update(&sha256, extraData->tag.ptr, has_tag*extraDataTagLen));
     CHECK_CX_OK(cx_sha256_final(&sha256, output));
 #else
     picohash_ctx_t sha256 = {0};
@@ -144,8 +145,8 @@ zxerr_t crypto_hashExtraDataSection(const section_t *extraData, uint8_t *output,
     picohash_update(&sha256, extraData->bytes.ptr, extraData->bytes.len);
     uint8_t has_tag = (extraData->tag.ptr == NULL) ? 0 : 1;
     picohash_update(&sha256, &has_tag, 1);
-    picohash_update(&sha256, (uint8_t*) &extraData->tag.len, has_tag*sizeof(extraData->tag.len));
-    picohash_update(&sha256, extraData->tag.ptr, has_tag*extraData->tag.len);
+    picohash_update(&sha256, (uint8_t*) &extraDataTagLen, has_tag*sizeof(extraDataTagLen));
+    picohash_update(&sha256, extraData->tag.ptr, has_tag*extraDataTagLen);
     picohash_final(&sha256, output);
 #endif
 
@@ -157,21 +158,22 @@ zxerr_t crypto_hashDataSection(const section_t *data, uint8_t *output, uint32_t
         return zxerr_no_data;
     }
 
+    const uint32_t dataBytesLen = data->bytes.len;
 #if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX)
     cx_sha256_t sha256 = {0};
     cx_sha256_init(&sha256);
     CHECK_CX_OK(cx_sha256_update(&sha256, &data->discriminant, 1));
     CHECK_CX_OK(cx_sha256_update(&sha256, data->salt.ptr, data->salt.len));
-    CHECK_CX_OK(cx_sha256_update(&sha256, (uint8_t*) &data->bytes.len, sizeof(data->bytes.len)));
-    CHECK_CX_OK(cx_sha256_update(&sha256, data->bytes.ptr, data->bytes.len));
+    CHECK_CX_OK(cx_sha256_update(&sha256, (uint8_t*) &dataBytesLen, sizeof(dataBytesLen)));
+    CHECK_CX_OK(cx_sha256_update(&sha256, data->bytes.ptr, dataBytesLen));
     CHECK_CX_OK(cx_sha256_final(&sha256, output));
 #else
     picohash_ctx_t sha256 = {0};
     picohash_init_sha256(&sha256);
     picohash_update(&sha256, &data->discriminant, 1);
     picohash_update(&sha256, data->salt.ptr, data->salt.len);
-    picohash_update(&sha256, (uint8_t*) &data->bytes.len, sizeof(data->bytes.len));
-    picohash_update(&sha256, data->bytes.ptr, data->bytes.len);
+    picohash_update(&sha256, (uint8_t*) &dataBytesLen, sizeof(dataBytesLen));
+    picohash_update(&sha256, data->bytes.ptr, dataBytesLen);
     picohash_final(&sha256, output);
 #endif
 
@@ -183,6 +185,7 @@ zxerr_t crypto_hashCodeSection(const section_t *code, uint8_t *output, uint32_t
          return zxerr_invalid_crypto_settings;
     }
 
+    const uint32_t codeTagLen = code->tag.len;
 #if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX)
     cx_sha256_t sha256 = {0};
     cx_sha256_init(&sha256);
@@ -191,8 +194,8 @@ zxerr_t crypto_hashCodeSection(const section_t *code, uint8_t *output, uint32_t
     CHECK_CX_OK(cx_sha256_update(&sha256, code->bytes.ptr, code->bytes.len));
     uint8_t has_tag = (code->tag.ptr == NULL) ? 0 : 1;
     CHECK_CX_OK(cx_sha256_update(&sha256, &has_tag, 1));
-    CHECK_CX_OK(cx_sha256_update(&sha256, (uint8_t*) &code->tag.len, has_tag*sizeof(code->tag.len)));
-    CHECK_CX_OK(cx_sha256_update(&sha256, code->tag.ptr, has_tag*code->tag.len));
+    CHECK_CX_OK(cx_sha256_update(&sha256, (uint8_t*) &codeTagLen, has_tag*sizeof(codeTagLen)));
+    CHECK_CX_OK(cx_sha256_update(&sha256, code->tag.ptr, has_tag*codeTagLen));
     CHECK_CX_OK(cx_sha256_final(&sha256, output));
 #else
     picohash_ctx_t sha256 = {0};
@@ -202,8 +205,8 @@ zxerr_t crypto_hashCodeSection(const section_t *code, uint8_t *output, uint32_t
     picohash_update(&sha256, code->bytes.ptr, code->bytes.len);
     uint8_t has_tag = (code->tag.ptr == NULL) ? 0 : 1;
     picohash_update(&sha256, &has_tag, 1);
-    picohash_update(&sha256, (uint8_t*) &code->tag.len, has_tag*sizeof(code->tag.len));
-    picohash_update(&sha256, code->tag.ptr, has_tag*code->tag.len);
+    picohash_update(&sha256, (uint8_t*) &codeTagLen, has_tag*sizeof(codeTagLen));
+    picohash_update(&sha256, code->tag.ptr, has_tag*codeTagLen);
     picohash_final(&sha256, output);
 #endif
 

app/src/leb128.c

@@ -53,7 +53,6 @@ zxerr_t decodeLEB128(const uint8_t *input, uint16_t inputSize, uint8_t *consumed
         if (!(input[i] & 0x80u)) {
             *consumed = i + 1;
             return zxerr_ok;
-            // return i + 1;
         }
 
         shift += 7;

app/src/parser_impl_txn.c

@@ -200,17 +200,30 @@ static parser_error_t readBecomeValidatorTxn(bytes_t *data, const section_t *ext
     // Max commission rate change
     CHECK_ERROR(readUint256(&ctx, &v->becomeValidator.max_commission_rate_change));
 
+    uint32_t tmpValue = 0;
     // The validator email
-    CHECK_ERROR(readUint32(&ctx, &v->becomeValidator.email.len))
+    CHECK_ERROR(readUint32(&ctx, &tmpValue));
+    if (tmpValue > UINT16_MAX) {
+        return parser_value_out_of_range;
+    }
+    v->becomeValidator.email.len = (uint16_t)tmpValue;
     CHECK_ERROR(readBytes(&ctx, &v->becomeValidator.email.ptr, v->becomeValidator.email.len))
 
     /// The validator description
     v->becomeValidator.description.ptr = NULL;
     v->becomeValidator.description.len = 0;
     uint8_t has_description = 0;
     CHECK_ERROR(readByte(&ctx, &has_description))
+    if (has_description != 0 && has_description != 1) {
+        return parser_value_out_of_range;
+    }
+
     if (has_description) {
-        CHECK_ERROR(readUint32(&ctx, &v->becomeValidator.description.len))
+        CHECK_ERROR(readUint32(&ctx, &tmpValue));
+        if (tmpValue > UINT16_MAX) {
+            return parser_value_out_of_range;
+        }
+        v->becomeValidator.description.len = (uint16_t)tmpValue;
         CHECK_ERROR(readBytes(&ctx, &v->becomeValidator.description.ptr, v->becomeValidator.description.len))
     }
 
@@ -220,7 +233,11 @@ static parser_error_t readBecomeValidatorTxn(bytes_t *data, const section_t *ext
     uint8_t has_website;
     CHECK_ERROR(readByte(&ctx, &has_website))
     if (has_website) {
-        CHECK_ERROR(readUint32(&ctx, &v->becomeValidator.website.len))
+        CHECK_ERROR(readUint32(&ctx, &tmpValue));
+        if (tmpValue > UINT16_MAX) {
+            return parser_value_out_of_range;
+        }
+        v->becomeValidator.website.len = (uint16_t)tmpValue;
         CHECK_ERROR(readBytes(&ctx, &v->becomeValidator.website.ptr, v->becomeValidator.website.len))
     }
 
@@ -230,7 +247,11 @@ static parser_error_t readBecomeValidatorTxn(bytes_t *data, const section_t *ext
     uint8_t has_discord_handle;
     CHECK_ERROR(readByte(&ctx, &has_discord_handle))
     if (has_discord_handle) {
-        CHECK_ERROR(readUint32(&ctx, &v->becomeValidator.discord_handle.len))
+        CHECK_ERROR(readUint32(&ctx, &tmpValue));
+        if (tmpValue > UINT16_MAX) {
+            return parser_value_out_of_range;
+        }
+        v->becomeValidator.discord_handle.len = (uint16_t)tmpValue;
         CHECK_ERROR(readBytes(&ctx, &v->becomeValidator.discord_handle.ptr, v->becomeValidator.discord_handle.len))
     }
 
@@ -652,10 +673,15 @@ static parser_error_t readTransferTxn(const bytes_t *data, parser_tx_t *v) {
     // Amount denomination
     CHECK_ERROR(readByte(&ctx, &v->transfer.amount_denom))
 
+    uint32_t tmpValue = 0;
     // Key, check if it is there
     CHECK_ERROR(readByte(&ctx, &v->transfer.has_key))
     if (v->transfer.has_key){
-        CHECK_ERROR(readUint32(&ctx, &v->transfer.key.len))
+        CHECK_ERROR(readUint32(&ctx, &tmpValue));
+        if (tmpValue > UINT16_MAX) {
+            return parser_value_out_of_range;
+        }
+        v->transfer.key.len = (uint16_t)tmpValue;
         // we are not displaying these bytes
         ctx.offset += v->transfer.key.len;
     }
@@ -701,7 +727,6 @@ static parser_error_t readBondUnbondTxn(const bytes_t *data, parser_tx_t *v) {
 }
 
 __Z_INLINE parser_error_t readTimestamp(parser_context_t *ctx, timestamp_t *timestamp) {
-    // uint64_t timestampSize = 0;
     uint8_t consumed = 0;
     uint64_t tmp = 0;
 
@@ -780,7 +805,6 @@ static parser_error_t readIBCTxn(const bytes_t *data, parser_tx_t *v) {
     return parser_ok;
 }
 
-// WrapperTx header
 parser_error_t readHeader(parser_context_t *ctx, parser_tx_t *v) {
     if (ctx == NULL || v == NULL) {
         return parser_unexpected_value;
@@ -804,8 +828,14 @@ parser_error_t readHeader(parser_context_t *ctx, parser_tx_t *v) {
         CHECK_ERROR(readUint32(ctx, &expiration_len))
         ctx->offset += expiration_len;
     }
+
+    uint32_t tmpValue = 0;
     // Timestamp
-    CHECK_ERROR(readUint32(ctx, &v->transaction.timestamp.len))
+    CHECK_ERROR(readUint32(ctx, &tmpValue));
+    if (tmpValue > UINT16_MAX) {
+        return parser_value_out_of_range;
+    }
+    v->transaction.timestamp.len = (uint16_t)tmpValue;
     CHECK_ERROR(readBytes(ctx, &v->transaction.timestamp.ptr, v->transaction.timestamp.len))
 
     // Code hash
@@ -876,8 +906,17 @@ static parser_error_t readExtraDataSection(parser_context_t *ctx, section_t *ext
     extraData->tag.len = 0;
     uint8_t has_tag = 0;
     CHECK_ERROR(readByte(ctx, &has_tag))
+    if (has_tag != 0 && has_tag != 1) {
+        return parser_value_out_of_range;
+    }
+
+    uint32_t tmpValue = 0;
     if (has_tag) {
-        CHECK_ERROR(readUint32(ctx, &extraData->tag.len))
+        CHECK_ERROR(readUint32(ctx, &tmpValue));
+        if (tmpValue > UINT16_MAX) {
+            return parser_value_out_of_range;
+        }
+        extraData->tag.len = (uint16_t)tmpValue;
         CHECK_ERROR(readBytes(ctx, &extraData->tag.ptr, extraData->tag.len))
     }
 
@@ -964,7 +1003,12 @@ static parser_error_t readDataSection(parser_context_t *ctx, section_t *data) {
         return parser_unexpected_value;
     }
     CHECK_ERROR(readSalt(ctx, &data->salt))
-    CHECK_ERROR(readUint32(ctx, &data->bytes.len))
+    uint32_t tmpValue = 0;
+    CHECK_ERROR(readUint32(ctx, &tmpValue));
+    if (tmpValue > UINT16_MAX) {
+        return parser_value_out_of_range;
+    }
+    data->bytes.len = (uint16_t)tmpValue;
     CHECK_ERROR(readBytes(ctx, &data->bytes.ptr, data->bytes.len))
 
     // Must make sure that header dataHash refers to this section's hash
@@ -998,8 +1042,17 @@ static parser_error_t readCodeSection(parser_context_t *ctx, section_t *code) {
     code->tag.len = 0;
     uint8_t has_tag = 0;
     CHECK_ERROR(readByte(ctx, &has_tag))
+    if (has_tag != 0 && has_tag != 1) {
+        return parser_value_out_of_range;
+    }
+
     if (has_tag) {
-        CHECK_ERROR(readUint32(ctx, &code->tag.len))
+        uint32_t tmpValue = 0;
+        CHECK_ERROR(readUint32(ctx, &tmpValue));
+        if (tmpValue > UINT16_MAX) {
+            return parser_value_out_of_range;
+        }
+        code->tag.len = (uint16_t)tmpValue;
         CHECK_ERROR(readBytes(ctx, &code->tag.ptr, code->tag.len))
     }
 
@@ -1049,6 +1102,9 @@ parser_error_t readSections(parser_context_t *ctx, parser_tx_t *v) {
     v->transaction.sections.signaturesLen = 0;
 
     for (uint32_t i = 0; i < v->transaction.sections.sectionLen; i++) {
+        if (ctx->offset >= ctx->bufferLen) {
+            return parser_unexpected_error;
+        }
         const uint8_t discriminant = *(ctx->buffer + ctx->offset);
         switch (discriminant) {
             case DISCRIMINANT_DATA: {

app/src/parser_print_common.c

@@ -164,67 +164,6 @@ static parser_error_t printAmount64( uint64_t amount, uint8_t amountDenom, const
     return parser_ok;
 }
 
-parser_error_t decimal_to_string(int64_t num, uint32_t scale, char* strDec, size_t bufferSize) {
-
-    if (strDec == NULL || bufferSize == 0) {
-        return parser_invalid_output_buffer; // Invalid output buffer
-    }
-
-    // Initialize the output buffer
-    MEMZERO(strDec, bufferSize);
-
-    // Handle negative value
-    if (num < 0) {
-        strDec[0] = '-';
-        num = -num;
-    }
-
-    // Convert the integer part to string
-    size_t index = (num < 0) ? 1 : 0;
-    int64_t divisor = 1;
-    for (uint32_t i = 0; i < scale; i++) {
-        divisor *= 10;
-    }
-
-    int64_t integerPart = num / divisor;
-    int64_t fractionalPart = num % divisor;
-
-    if (integerPart == 0) {
-        CHECK_PTR_BOUNDS(index, bufferSize);
-        strDec[index++] = '0';
-    } else {
-        int64_t tmp_int = integerPart;
-        while (tmp_int > 0 && index < bufferSize - 1) {
-            CHECK_PTR_BOUNDS(index, bufferSize);
-            strDec[index++] = '0' + (tmp_int % 10);
-            tmp_int /= 10;
-        }
-
-        // Reverse the integer part
-        for (size_t i = (num < 0) ? 1 : 0, j = index - 1; i < j; i++, j--) {
-            char tmp_char = strDec[i];
-            strDec[i] = strDec[j];
-            strDec[j] = tmp_char;
-        }
-    }
-
-    // Append the decimal point
-    if (scale > 0 && index < bufferSize - 1) {
-        CHECK_PTR_BOUNDS(index, bufferSize);
-        strDec[index++] = '.';
-    }
-
-    // Convert the fractional part to string with leading zeros
-    while (scale > 0 && index < bufferSize - 1) {
-        divisor /= 10;
-        CHECK_PTR_BOUNDS(index, bufferSize);
-        strDec[index++] = '0' + (fractionalPart / divisor);
-        fractionalPart %= divisor;
-        scale--;
-    }
-    return parser_ok;
-}
-
 parser_error_t printPublicKey( const bytes_t *pubkey,
                             char *outVal, uint16_t outValLen,
                             uint8_t pageIdx, uint8_t *pageCount) {

app/src/parser_types.h

@@ -65,7 +65,7 @@ typedef struct {
 
 typedef struct {
     const uint8_t *ptr;
-    uint32_t len;
+    uint16_t len;
 } bytes_t;
 
 typedef struct {