arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-16 19:38:09 +00:00
Code Issues Releases Wiki Activity

Off by one error in word length.

Browse Source 
This could lead to a buffer overrun if the final 0 byte is
written to current_word[j] after the loop.

Also document the limit of passphrase in mnemonic_to_seed.
This commit is contained in:
Jochen Hoenicke 2015-03-20 21:36:01 +01:00
parent e37ba822e6
commit 1b42fde852
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
bip39.c
View File

@ -103,7 +103,7 @@ int mnemonic_check(const char *mnemonic)
while (mnemonic[i]) {
j = 0;
while (mnemonic[i] != ' ' && mnemonic[i] != 0) {
if (j >= sizeof(current_word)) {
if (j >= sizeof(current_word) - 1) {
return 0;
}
current_word[j] = mnemonic[i];
@ -145,6 +145,7 @@ int mnemonic_check(const char *mnemonic)
return 0;
}
// passphrase must be at most 256 characters or code may crash
void mnemonic_to_seed(const char *mnemonic, const char *passphrase, uint8_t seed[512 / 8], void (*progress_callback)(uint32_t current, uint32_t total))
{
uint8_t salt[8 + 256 + 4];

1
bip39.h
View File

@ -34,6 +34,7 @@ const char *mnemonic_from_data(const uint8_t *data, int len);
int mnemonic_check(const char *mnemonic);
// passphrase must be at most 256 characters or code may crash
void mnemonic_to_seed(const char *mnemonic, const char *passphrase, uint8_t seed[512 / 8], void (*progress_callback)(uint32_t current, uint32_t total));
const char * const *mnemonic_wordlist(void);