diff --git a/src/eth_plugin_handler.c b/src/eth_plugin_handler.c index 930182c..09c1602 100644 --- a/src/eth_plugin_handler.c +++ b/src/eth_plugin_handler.c @@ -63,6 +63,17 @@ eth_plugin_result_t eth_plugin_perform_init(uint8_t *contractAddress, PRINTF("Selector %.*H\n", 4, init->selector); if (tmpCtx.transactionContext.externalPluginIsSet) { + // check if the registered external plugin matches the TX contract address / method selector + if (memcmp(contractAddress, + dataContext.tokenContext.contract_address, + sizeof(dataContext.tokenContext.contract_address)) != 0) { + os_sched_exit(0); + } + if (memcmp(init->selector, + dataContext.tokenContext.method_selector, + sizeof(dataContext.tokenContext.method_selector)) != 0) { + os_sched_exit(0); + } PRINTF("External plugin will be used\n"); dataContext.tokenContext.pluginStatus = ETH_PLUGIN_RESULT_OK; contractAddress = NULL; diff --git a/src/shared_context.h b/src/shared_context.h index 2259398..3c46460 100644 --- a/src/shared_context.h +++ b/src/shared_context.h @@ -58,7 +58,13 @@ typedef struct tokenContext_t { uint8_t pluginUiCurrentItem; uint8_t pluginUiState; - uint8_t pluginContext[3 * 32]; + union { + struct { + uint8_t contract_address[20]; + uint8_t method_selector[4]; + }; + uint8_t pluginContext[3 * 32]; + }; #ifdef HAVE_STARKWARE uint8_t quantum[32]; diff --git a/src_features/setExternalPlugin/cmd_setExternalPlugin.c b/src_features/setExternalPlugin/cmd_setExternalPlugin.c index b5748f7..af1bb4a 100644 --- a/src_features/setExternalPlugin/cmd_setExternalPlugin.c +++ b/src_features/setExternalPlugin/cmd_setExternalPlugin.c @@ -2,6 +2,9 @@ #include "apdu_constants.h" #include "ui_flow.h" +#define CONTRACT_ADDR_SIZE 20 +#define SELECTOR_SIZE 4 + void handleSetExternalPlugin(uint8_t p1, uint8_t p2, uint8_t *workBuffer, @@ -11,9 +14,9 @@ void handleSetExternalPlugin(uint8_t p1, UNUSED(p1); UNUSED(p2); UNUSED(flags); - uint8_t pluginNameLength = dataLength; + uint8_t pluginNameLength = *workBuffer++; - if (dataLength < 1) { + if (dataLength < 1 || dataLength != 1 + pluginNameLength + CONTRACT_ADDR_SIZE + SELECTOR_SIZE) { THROW(0x6A80); } @@ -23,6 +26,7 @@ void handleSetExternalPlugin(uint8_t p1, memmove(dataContext.tokenContext.pluginName, workBuffer, pluginNameLength); dataContext.tokenContext.pluginName[pluginNameLength] = '\0'; + workBuffer += pluginNameLength; PRINTF("Check external plugin %s\n", dataContext.tokenContext.pluginName); @@ -36,6 +40,9 @@ void handleSetExternalPlugin(uint8_t p1, } CATCH_OTHER(e) { PRINTF("%s external plugin is not present\n", dataContext.tokenContext.pluginName); + memset(dataContext.tokenContext.pluginName, + sizeof(dataContext.tokenContext.pluginName), + 0); THROW(0x6984); } FINALLY { @@ -43,9 +50,13 @@ void handleSetExternalPlugin(uint8_t p1, } END_TRY; - tmpCtx.transactionContext.externalPluginIsSet = true; PRINTF("Plugin found\n"); + memmove(dataContext.tokenContext.contract_address, workBuffer, CONTRACT_ADDR_SIZE); + workBuffer += 20; + memmove(dataContext.tokenContext.method_selector, workBuffer, SELECTOR_SIZE); + tmpCtx.transactionContext.externalPluginIsSet = true; + G_io_apdu_buffer[(*tx)++] = 0x90; G_io_apdu_buffer[(*tx)++] = 0x00; } \ No newline at end of file