From e1ad1512d09590dbcf6c7fdb8893bc71f99d0d26 Mon Sep 17 00:00:00 2001 From: Jochen Hoenicke Date: Wed, 4 Apr 2018 17:51:13 +0200 Subject: [PATCH] Avoid division by zero. Check that there is no overflow in `inputs_count + outputs_count`. Check that previous transaction contains at least the spent output. --- firmware/fsm.c | 1 + firmware/signing.c | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/firmware/fsm.c b/firmware/fsm.c index 3a9593c8b5..cacf44d1a8 100644 --- a/firmware/fsm.c +++ b/firmware/fsm.c @@ -534,6 +534,7 @@ void fsm_msgSignTx(SignTx *msg) CHECK_PARAM(msg->inputs_count > 0, _("Transaction must have at least one input")); CHECK_PARAM(msg->outputs_count > 0, _("Transaction must have at least one output")); + CHECK_PARAM(msg->inputs_count + msg->outputs_count >= msg->inputs_count, _("Value overflow")); CHECK_PIN diff --git a/firmware/signing.c b/firmware/signing.c index 8b34e10b83..9ec43cfd35 100644 --- a/firmware/signing.c +++ b/firmware/signing.c @@ -1000,6 +1000,16 @@ void signing_txack(TransactionType *tx) } return; case STAGE_REQUEST_2_PREV_META: + if (tx->outputs_cnt <= input.prev_index) { + fsm_sendFailure(FailureType_Failure_DataError, _("Not enough outputs in previous transaction.")); + signing_abort(); + return; + } + if (tx->inputs_cnt + tx->outputs_cnt < tx->inputs_cnt) { + fsm_sendFailure(FailureType_Failure_DataError, _("Value overflow")); + signing_abort(); + return; + } tx_init(&tp, tx->inputs_cnt, tx->outputs_cnt, tx->version, tx->lock_time, tx->extra_data_len, coin->curve->hasher_sign); if (coin->decred) { tp.version |= (DECRED_SERIALIZE_NO_WITNESS << 16);