1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 04:18:10 +00:00

fix(crypto): Fix bip39 out of bounds read.

This commit is contained in:
Andrew Kozlik 2022-07-01 17:20:55 +02:00 committed by matejcik
parent c5d22b4395
commit b1bee00a3a

View File

@ -122,7 +122,7 @@ int mnemonic_to_bits(const char *mnemonic, uint8_t *bits) {
} }
char current_word[10] = {0}; char current_word[10] = {0};
uint32_t j = 0, k = 0, ki = 0, bi = 0; uint32_t j = 0, ki = 0, bi = 0;
uint8_t result[32 + 1] = {0}; uint8_t result[32 + 1] = {0};
memzero(result, sizeof(result)); memzero(result, sizeof(result));
@ -141,23 +141,16 @@ int mnemonic_to_bits(const char *mnemonic, uint8_t *bits) {
if (mnemonic[i] != 0) { if (mnemonic[i] != 0) {
i++; i++;
} }
k = 0; int k = mnemonic_find_word(current_word);
for (;;) { if (k < 0) { // word not found
if (!BIP39_WORDLIST_ENGLISH[k]) { // word not found
return 0; return 0;
} }
if (strcmp(current_word, BIP39_WORDLIST_ENGLISH[k]) ==
0) { // word found on index k
for (ki = 0; ki < 11; ki++) { for (ki = 0; ki < 11; ki++) {
if (k & (1 << (10 - ki))) { if (k & (1 << (10 - ki))) {
result[bi / 8] |= 1 << (7 - (bi % 8)); result[bi / 8] |= 1 << (7 - (bi % 8));
} }
bi++; bi++;
} }
break;
}
k++;
}
} }
if (bi != n * 11) { if (bi != n * 11) {
return 0; return 0;