arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-23 13:51:00 +00:00
Code Issues Releases Wiki Activity

crypto: Fix buffer overflow in b58tobin.

Browse Source
This commit is contained in:
Andrew Kozlik 2020-04-14 15:22:02 +02:00 committed by Tomas Susanka
parent f34e2382fa
commit 20dd1ddc60
1 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
crypto/base58.c
View File

@ -46,6 +46,9 @@ typedef uint32_t b58_almostmaxint_t;
static const b58_almostmaxint_t b58_almostmaxint_mask = static const b58_almostmaxint_t b58_almostmaxint_mask =
((((b58_maxint_t)1) << b58_almostmaxint_bits) - 1); ((((b58_maxint_t)1) << b58_almostmaxint_bits) - 1);
// Decodes a null-terminated Base58 string `b58` to binary and writes the result
// at the end of the buffer `bin` of size `*binszp`. On success `*binszp` is set
// to the number of valid bytes at the end of the buffer.
bool b58tobin(void *bin, size_t *binszp, const char *b58) { bool b58tobin(void *bin, size_t *binszp, const char *b58) {
size_t binsz = *binszp; size_t binsz = *binszp;
@ -108,20 +111,18 @@ bool b58tobin(void *bin, size_t *binszp, const char *b58) {
} }
} }
// Count canonical base58 byte count // locate the most significant byte
binu = bin; binu = bin;
for (i = 0; i < binsz; ++i) { for (i = 0; i < binsz; ++i) {
if (binu[i]) { if (binu[i]) break;
}
// prepend the correct number of null-bytes
if (zerocount > i) { if (zerocount > i) {
/* result too large */ /* result too large */
return false; return false;
} }
*binszp = binsz - i + zerocount;
break;
}
--*binszp;
}
*binszp += zerocount;
return true; return true;
} }