arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-16 11:28:14 +00:00
Code Issues Releases Wiki Activity

Avoid division by zero.

Browse Source 
Check that there is no overflow in `inputs_count + outputs_count`.
Check that previous transaction contains at least the spent output.
This commit is contained in:
Jochen Hoenicke 2018-04-04 17:51:13 +02:00 committed by Pavol Rusnak
parent f216328987
commit e1ad1512d0
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
firmware/fsm.c
View File

@ -534,6 +534,7 @@ void fsm_msgSignTx(SignTx *msg)
CHECK_PARAM(msg->inputs_count > 0, _("Transaction must have at least one input"));
CHECK_PARAM(msg->outputs_count > 0, _("Transaction must have at least one output"));
CHECK_PARAM(msg->inputs_count + msg->outputs_count >= msg->inputs_count, _("Value overflow"));
CHECK_PIN

10
firmware/signing.c
View File

@ -1000,6 +1000,16 @@ void signing_txack(TransactionType *tx)
}
return;
case STAGE_REQUEST_2_PREV_META:
if (tx->outputs_cnt <= input.prev_index) {
fsm_sendFailure(FailureType_Failure_DataError, _("Not enough outputs in previous transaction."));
signing_abort();
return;
}
if (tx->inputs_cnt + tx->outputs_cnt < tx->inputs_cnt) {
fsm_sendFailure(FailureType_Failure_DataError, _("Value overflow"));
signing_abort();
return;
}
tx_init(&tp, tx->inputs_cnt, tx->outputs_cnt, tx->version, tx->lock_time, tx->extra_data_len, coin->curve->hasher_sign);
if (coin->decred) {
tp.version |= (DECRED_SERIALIZE_NO_WITNESS << 16);