diff --git a/src_features/signMessageEIP712/commands_712.c b/src_features/signMessageEIP712/commands_712.c
index 78e6067..aebc8cb 100644
--- a/src_features/signMessageEIP712/commands_712.c
+++ b/src_features/signMessageEIP712/commands_712.c
@@ -116,7 +116,8 @@ bool handle_eip712_struct_impl(const uint8_t *const apdu_buf)
 }
 break;
 case P2_ARRAY:
- ret = path_new_array_depth(apdu_buf[OFFSET_CDATA]);
+ ret = path_new_array_depth(&apdu_buf[OFFSET_CDATA],
+ apdu_buf[OFFSET_LC]);
 break;
 default:
 PRINTF("Unknown P2 0x%x for APDU 0x%x\n",
diff --git a/src_features/signMessageEIP712/field_hash.c b/src_features/signMessageEIP712/field_hash.c
index 1cec18e..211d175 100644
--- a/src_features/signMessageEIP712/field_hash.c
+++ b/src_features/signMessageEIP712/field_hash.c
@@ -296,6 +296,11 @@ bool field_hash(const uint8_t *data,
 {
 data = field_hash_prepare(field_ptr, data, &data_length);
 }
+ if (data_length > fh->remaining_size)
+ {
+ apdu_response_code = APDU_RESPONSE_INVALID_DATA;
+ return false;
+ }
 fh->remaining_size -= data_length;
 // if a dynamic type -> continue progressive hash
 if (IS_DYN(field_type))
diff --git a/src_features/signMessageEIP712/path.c b/src_features/signMessageEIP712/path.c
index 746dda0..eda4076 100644
--- a/src_features/signMessageEIP712/path.c
+++ b/src_features/signMessageEIP712/path.c
@@ -442,19 +442,14 @@ bool path_set_root(const char *const struct_name, uint8_t name_length)
 * @return whether the checks and add were successful or not
 */
 static bool check_and_add_array_depth(const void *depth,
- uint8_t total_count,
- uint8_t pidx,
- uint8_t size)
+ uint8_t total_count,
+ uint8_t pidx,
+ uint8_t size)
 {
 uint8_t expected_size;
 uint8_t arr_idx;
 e_array_type expected_type;
 
- if (path_struct == NULL)
- {
- apdu_response_code = APDU_RESPONSE_CONDITION_NOT_SATISFIED;
- return false;
- }
 arr_idx = (total_count - path_struct->array_depth_count) - 1;
 // we skip index 0, since we already have it
 for (uint8_t idx = 1; idx < (arr_idx + 1); ++idx)
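Review bot: The new `data_length > fh->remaining_size` guard in field_hash carries no comment saying what it protects, and it is exactly the kind of line a later refactor may hoist above `field_hash_prepare`, which takes `&data_length` and so may change it; I would annotate it: `// must stay after field_hash_prepare(), which may adjust data_length; reject a chunk larger than what this field still expects so remaining_size cannot go below zero`. Whether `remaining_size` is unsigned (and so would wrap rather than go negative) is not visible in the hunk — presumably it is, given that the check was needed. If `field_hash_prepare` acquires any state that the new early `return false` now skips releasing, that path would need a look; nothing in the hunk shows it does. field_hash's body starts and ends outside the hunk.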
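Review bot: With the `path_struct == NULL` guard removed from check_and_add_array_depth, the `arr_idx =` line dereferences `path_struct` unconditionally, so this static helper now silently depends on its caller having validated the pointer; that precondition should be written at the top of the body, e.g. `// precondition: path_struct != NULL, checked by path_new_array_depth() before calling`. The `(total_count - path_struct->array_depth_count) - 1` expression is uint8_t arithmetic that wraps if total_count is not strictly greater than array_depth_count, so the caller's `total_count > path_struct->array_depth_count` check is load-bearing as well and worth naming in the same comment. The function body continues past the hunk.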
@@ -483,10 +478,12 @@ static bool check_and_add_array_depth(const void *depth,
 /**
 * Add a new array depth with a given size (number of elements).
 *
- * @param[in] size number of elements
+ * @param[in] data pointer to the number of elements
+ * @param[in] length length of data
 * @return whether the add was successful or not
 */
-bool path_new_array_depth(uint8_t size)
+bool path_new_array_depth(const uint8_t *const data,
+ uint8_t length)
 {
 const void *field_ptr = NULL;
 const void *depth = NULL;
@@ -497,6 +494,12 @@ bool path_new_array_depth(uint8_t size)
 
 if (path_struct == NULL)
 {
+ apdu_response_code = APDU_RESPONSE_CONDITION_NOT_SATISFIED;
+ return false;
+ }
+ else if (length != 1)
+ {
+ apdu_response_code = APDU_RESPONSE_INVALID_DATA;
 return false;
 }
 
@@ -517,7 +520,7 @@ bool path_new_array_depth(uint8_t size)
 total_count += depth_count;
 if (total_count > path_struct->array_depth_count)
 {
- if (!check_and_add_array_depth(depth, total_count, pidx, size))
+ if (!check_and_add_array_depth(depth, total_count, pidx, *data))
 {
 return false;
 }
diff --git a/src_features/signMessageEIP712/path.h b/src_features/signMessageEIP712/path.h
index cf21c8c..0efa70a 100644
--- a/src_features/signMessageEIP712/path.h
+++ b/src_features/signMessageEIP712/path.h
@@ -36,7 +36,8 @@ const void *path_get_field(void);
 bool path_advance(void);
 bool path_init(void);
 void path_deinit(void);
-bool path_new_array_depth(uint8_t size);
+bool path_new_array_depth(const uint8_t *const data,
+ uint8_t length);
 e_root_type path_get_root_type(void);
 const void *path_get_root(void);
 const void *path_get_nth_field(uint8_t n);
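Review bot: The updated Doxygen block on path_new_array_depth says `length` is the length of `data` but not the constraint the function actually enforces, which is that exactly one byte is accepted; a caller reading only this comment would not know that any other length is rejected with APDU_RESPONSE_INVALID_DATA. I would write `* @param[in] data pointer to the number of elements (a single byte)` and `* @param[in] length length of data, must be exactly 1`, and add `* Sets apdu_response_code on failure.` to the block since the function now writes that global on two error paths. The function body continues past the hunk.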
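Review bot: The `else if (length != 1)` branch is chained onto a guard that already returns, so the `else` is dead weight and the two checks read better as independent guard clauses: `if (path_struct == NULL) { ...; return false; }` followed by `if (length != 1) { ...; return false; }`. A one-line comment on the length check would also help a reader who does not have the APDU layout in front of them, e.g. `// array size is encoded as a single byte`. `data` itself is never NULL-checked before it is dereferenced later in the function; the only caller visible in this diff passes an address into the APDU buffer, so that is fine today, but the contract is worth stating at the prototype. The enclosing function starts and ends outside the hunk.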
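Review bot: Dereferencing `*data` at the check_and_add_array_depth call site separates the value from the `length != 1` check that makes it safe, which sits some twenty lines earlier outside this hunk; a named local right after that check, `const uint8_t size = *data;`, and passing `size` here as before would leave the original call line untouched and make the dependency explicit to the next reader. The loop containing this call starts outside the hunk.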