arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-18 11:21:11 +00:00
Code Issues Releases Wiki Activity

Check that the input to storage_set_encrypted() doesn't exceed the maximum length of 65507.

Browse Source
This commit is contained in:
Andrew Kozlik 2019-02-20 18:27:19 +01:00
parent d715873ee6
commit 5b49878cdb
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
storage.c
View File

@ -906,8 +906,11 @@ secbool storage_get(const uint16_t key, void *val_dest, const uint16_t max_len,
*/
static secbool storage_set_encrypted(const uint16_t key, const void *val, const uint16_t len)
{
if (len > UINT16_MAX - CHACHA20_IV_SIZE - POLY1305_TAG_SIZE) {
return secfalse;
}
// Preallocate space on the flash storage.
uint16_t offset = 0;
if (sectrue != auth_set(key, NULL, CHACHA20_IV_SIZE + len + POLY1305_TAG_SIZE)) {
return secfalse;
}
@ -915,6 +918,7 @@ static secbool storage_set_encrypted(const uint16_t key, const void *val, const
// Write the IV to the flash.
uint8_t buffer[CHACHA20_BLOCK_SIZE + POLY1305_TAG_SIZE];
random_buffer(buffer, CHACHA20_IV_SIZE);
uint16_t offset = 0;
if (sectrue != norcow_update_bytes(key, offset, buffer, CHACHA20_IV_SIZE)) {
return secfalse;
}