Fix buffer OOB write

cedelavergne-ledger · cedelavergne-ledger · commit 5a63965e0508 · 2024-05-07T13:52:12.000+02:00
diff --git a/src/common_utils.c b/src/common_utils.c
@@ -235,15 +235,15 @@ void getEthAddressFromRawKey(const uint8_t raw_pubkey[static 65],
 }
 
 void getEthAddressStringFromRawKey(const uint8_t raw_pubkey[static 65],
-                                   char out[static ADDRESS_LENGTH * 2],
+                                   char out[static (ADDRESS_LENGTH * 2) + 1],
                                    uint64_t chainId) {
     uint8_t hashAddress[CX_KECCAK_256_SIZE];
     CX_ASSERT(cx_keccak_256_hash(raw_pubkey + 1, 64, hashAddress));
     getEthAddressStringFromBinary(hashAddress + 12, out, chainId);
 }
 
 bool getEthAddressStringFromBinary(uint8_t *address,
-                                   char out[static ADDRESS_LENGTH * 2],
+                                   char out[static (ADDRESS_LENGTH * 2) + 1],
                                    uint64_t chainId) {
     // save some precious stack space
     union locals_union {
@@ -295,7 +295,7 @@ bool getEthAddressStringFromBinary(uint8_t *address,
             }
         }
     }
-    out[40] = '\0';
+    out[ADDRESS_LENGTH * 2] = '\0';
 
     return true;
 }
diff --git a/src/common_utils.h b/src/common_utils.h
@@ -71,11 +71,11 @@ void getEthAddressFromRawKey(const uint8_t raw_pubkey[static 65],
                              uint8_t out[static ADDRESS_LENGTH]);
 
 void getEthAddressStringFromRawKey(const uint8_t raw_pubkey[static 65],
-                                   char out[static ADDRESS_LENGTH * 2],
+                                   char out[static (ADDRESS_LENGTH * 2) + 1],
                                    uint64_t chainId);
 
 bool getEthAddressStringFromBinary(uint8_t *address,
-                                   char out[static ADDRESS_LENGTH * 2],
+                                   char out[static (ADDRESS_LENGTH * 2) + 1],
                                    uint64_t chainId);
 
 bool getEthDisplayableAddress(uint8_t *in, char *out, size_t out_len, uint64_t chainId);

Original file line number	Diff line number	Diff line change
`@@ -235,15 +235,15 @@ void getEthAddressFromRawKey(const uint8_t raw_pubkey[static 65],`
`235`	`235`	`}`
`236`	`236`
`237`	`237`	`void getEthAddressStringFromRawKey(const uint8_t raw_pubkey[static 65],`
`238`		`- char out[static ADDRESS_LENGTH * 2],`
	`238`	`+ char out[static (ADDRESS_LENGTH * 2) + 1],`
`239`	`239`	`uint64_t chainId) {`
`240`	`240`	`uint8_t hashAddress[CX_KECCAK_256_SIZE];`
`241`	`241`	`CX_ASSERT(cx_keccak_256_hash(raw_pubkey + 1, 64, hashAddress));`
`242`	`242`	`getEthAddressStringFromBinary(hashAddress + 12, out, chainId);`
`243`	`243`	`}`
`244`	`244`
`245`	`245`	`bool getEthAddressStringFromBinary(uint8_t *address,`
`246`		`- char out[static ADDRESS_LENGTH * 2],`
	`246`	`+ char out[static (ADDRESS_LENGTH * 2) + 1],`
`247`	`247`	`uint64_t chainId) {`
`248`	`248`	`// save some precious stack space`
`249`	`249`	`union locals_union {`
`@@ -295,7 +295,7 @@ bool getEthAddressStringFromBinary(uint8_t *address,`
`295`	`295`	`}`
`296`	`296`	`}`
`297`	`297`	`}`
`298`		`- out[40] = '\0';`
	`298`	`+ out[ADDRESS_LENGTH * 2] = '\0';`
`299`	`299`
`300`	`300`	`return true;`
`301`	`301`	`}`