1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-16 11:28:14 +00:00

Off by one error in word length.

This could lead to a buffer overrun if the final 0 byte is
written to current_word[j] after the loop.

Also document the limit of passphrase in mnemonic_to_seed.
This commit is contained in:
Jochen Hoenicke 2015-03-20 21:36:01 +01:00
parent e37ba822e6
commit 1b42fde852
2 changed files with 3 additions and 1 deletions

View File

@ -103,7 +103,7 @@ int mnemonic_check(const char *mnemonic)
while (mnemonic[i]) { while (mnemonic[i]) {
j = 0; j = 0;
while (mnemonic[i] != ' ' && mnemonic[i] != 0) { while (mnemonic[i] != ' ' && mnemonic[i] != 0) {
if (j >= sizeof(current_word)) { if (j >= sizeof(current_word) - 1) {
return 0; return 0;
} }
current_word[j] = mnemonic[i]; current_word[j] = mnemonic[i];
@ -145,6 +145,7 @@ int mnemonic_check(const char *mnemonic)
return 0; return 0;
} }
// passphrase must be at most 256 characters or code may crash
void mnemonic_to_seed(const char *mnemonic, const char *passphrase, uint8_t seed[512 / 8], void (*progress_callback)(uint32_t current, uint32_t total)) void mnemonic_to_seed(const char *mnemonic, const char *passphrase, uint8_t seed[512 / 8], void (*progress_callback)(uint32_t current, uint32_t total))
{ {
uint8_t salt[8 + 256 + 4]; uint8_t salt[8 + 256 + 4];

View File

@ -34,6 +34,7 @@ const char *mnemonic_from_data(const uint8_t *data, int len);
int mnemonic_check(const char *mnemonic); int mnemonic_check(const char *mnemonic);
// passphrase must be at most 256 characters or code may crash
void mnemonic_to_seed(const char *mnemonic, const char *passphrase, uint8_t seed[512 / 8], void (*progress_callback)(uint32_t current, uint32_t total)); void mnemonic_to_seed(const char *mnemonic, const char *passphrase, uint8_t seed[512 / 8], void (*progress_callback)(uint32_t current, uint32_t total));
const char * const *mnemonic_wordlist(void); const char * const *mnemonic_wordlist(void);