arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 04:18:10 +00:00
Code Issues Releases Wiki Activity

fix(crypto): Fix bip39 out of bounds read.

Browse Source
This commit is contained in:
Andrew Kozlik 2022-07-01 17:20:55 +02:00 committed by matejcik
parent c5d22b4395
commit b1bee00a3a
1 changed files with 9 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
crypto/bip39.c
View File

@ -122,7 +122,7 @@ int mnemonic_to_bits(const char *mnemonic, uint8_t *bits) {
} }
char current_word[10] = {0}; char current_word[10] = {0};
uint32_t j = 0, k = 0, ki = 0, bi = 0; uint32_t j = 0, ki = 0, bi = 0;
uint8_t result[32 + 1] = {0}; uint8_t result[32 + 1] = {0};
memzero(result, sizeof(result)); memzero(result, sizeof(result));
@ -141,22 +141,15 @@ int mnemonic_to_bits(const char *mnemonic, uint8_t *bits) {
if (mnemonic[i] != 0) { if (mnemonic[i] != 0) {
i++; i++;
} }
k = 0; int k = mnemonic_find_word(current_word);
for (;;) { if (k < 0) { // word not found
if (!BIP39_WORDLIST_ENGLISH[k]) { // word not found return 0;
return 0; }
for (ki = 0; ki < 11; ki++) {
if (k & (1 << (10 - ki))) {
result[bi / 8] |= 1 << (7 - (bi % 8));
} }
if (strcmp(current_word, BIP39_WORDLIST_ENGLISH[k]) == bi++;
0) { // word found on index k
for (ki = 0; ki < 11; ki++) {
if (k & (1 << (10 - ki))) {
result[bi / 8] |= 1 << (7 - (bi % 8));
}
bi++;
}
break;
}
k++;
} }
} }
if (bi != n * 11) { if (bi != n * 11) {