[Audit] Fix Safe account

cedelavergne-ledger · cedelavergne-ledger · commit d95d24580755 · 2025-09-18T17:58:32.000+02:00
diff --git a/src_features/provide_safe_account/cmd_safe_account.c b/src_features/provide_safe_account/cmd_safe_account.c
@@ -52,6 +52,10 @@ uint16_t handle_safe_account(uint8_t p1,
                 sw = APDU_RESPONSE_OK;  // No error for P1_SAFE_DESCRIPTOR if SAFE_DESC is NULL
             }
             break;
+        default:
+            PRINTF("Error: Invalid P2 (%u)\n", p2);
+            sw = APDU_RESPONSE_INVALID_P1_P2;
+            break;
     }
 
     if (sw != APDU_RESPONSE_OK) {
diff --git a/src_features/provide_safe_account/signer_descriptor.c b/src_features/provide_safe_account/signer_descriptor.c
@@ -37,7 +37,7 @@ enum {
 
 typedef struct {
     signers_descriptor_t *signers;
-    uint8_t addess_count;
+    uint8_t address_count;
     uint8_t sig_size;
     uint8_t *sig;
     cx_sha256_t hash_ctx;
@@ -142,11 +142,11 @@ static bool handle_challenge(const s_tlv_data *data, s_signer_ctx *context) {
 static bool handle_address(const s_tlv_data *data, s_signer_ctx *context) {
     CHECK_FIELD_LENGTH("ADDRESS", data->length, ADDRESS_LENGTH);
     CHECK_EMPTY_BUFFER("ADDRESS", data->value, data->length);
-    if (context->addess_count >= SAFE_DESC->signers_count) {
+    if (context->address_count >= SAFE_DESC->signers_count) {
         PRINTF("Error: Too many addresses in Signer descriptor!\n");
         return false;
     }
-    COPY_FIELD(context->signers->data[context->addess_count++].address, data);
+    COPY_FIELD(context->signers->data[context->address_count++].address, data);
     context->rcv_flags |= SET_BIT(BIT_ADDRESS);
     return true;
 }
@@ -225,7 +225,7 @@ static void print_signer_info(const s_signer_ctx *context) {
 
     PRINTF("****************************************************************************\n");
     PRINTF("[SAFE ACCOUNT] - Retrieved Signer Descriptor:\n");
-    for (i = 0; i < context->addess_count; i++) {
+    for (i = 0; i < context->address_count; i++) {
         PRINTF("[SAFE ACCOUNT] -    Address[%d]: %.*h\n",
                i,
                ADDRESS_LENGTH,
@@ -250,7 +250,7 @@ static bool verify_signer_struct(const s_signer_ctx *context) {
         PRINTF("Error: Signature verification failed for Signer descriptor!\n");
         return false;
     }
-    if (context->addess_count < SAFE_DESC->signers_count) {
+    if (context->address_count < SAFE_DESC->signers_count) {
         PRINTF("Error: Too few addresses in Signer descriptor!\n");
         return false;
     }
@@ -347,7 +347,6 @@ bool handle_signer_tlv_payload(const uint8_t *payload, uint16_t size) {
 void clear_signer_descriptor(void) {
     if (SIGNER_DESC.data != NULL) {
         app_mem_free(SIGNER_DESC.data);
-        SIGNER_DESC.data = NULL;
     }
     explicit_bzero(&SIGNER_DESC, sizeof(SIGNER_DESC));
 }

Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,10 @@ uint16_t handle_safe_account(uint8_t p1,`
`52`	`52`	`sw = APDU_RESPONSE_OK; // No error for P1_SAFE_DESCRIPTOR if SAFE_DESC is NULL`
`53`	`53`	`}`
`54`	`54`	`break;`
	`55`	`+ default:`
	`56`	`+ PRINTF("Error: Invalid P2 (%u)\n", p2);`
	`57`	`+ sw = APDU_RESPONSE_INVALID_P1_P2;`
	`58`	`+ break;`
`55`	`59`	`}`
`56`	`60`
`57`	`61`	`if (sw != APDU_RESPONSE_OK) {`