Merge pull request #47 from cosmos/main

New Release

.gitmodules

@@ -1,18 +1,6 @@
-[submodule "deps/nanos-secure-sdk"]
-	path = deps/nanos-secure-sdk
-	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
-[submodule "deps/nanox-secure-sdk"]
-	path = deps/nanox-secure-sdk
-	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
-[submodule "deps/nanosplus-secure-sdk"]
-	path = deps/nanosplus-secure-sdk
-	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
 [submodule "deps/ledger-zxlib"]
 	path = deps/ledger-zxlib
 	url = https://github.com/Zondax/ledger-zxlib.git
-[submodule "deps/stax-secure-sdk"]
-	path = deps/stax-secure-sdk
-	url = https://github.com/LedgerHQ/ledger-secure-sdk
 [submodule "deps/ledger-secure-sdk"]
 	path = deps/ledger-secure-sdk
-	url = https://github.com/LedgerHQ/ledger-secure-sdk
+	url = https://github.com/LedgerHQ/ledger-secure-sdk

app/Makefile.version

@@ -3,4 +3,4 @@ APPVERSION_M=2
 # This is the `spec_version` field of `Runtime`
 APPVERSION_N=35
 # This is the patch version of this release
-APPVERSION_P=24
+APPVERSION_P=26

app/src/common/parser_common.h

@@ -22,6 +22,14 @@ extern "C" {
 #include <stdint.h>
 #include <stddef.h>
 
+#if defined(TARGET_NANOS2) || defined(TARGET_STAX) || defined(TARGET_FLEX)
+#define TX_BUFFER_SIZE 16384
+#elif defined(TARGET_NANOX)
+#define TX_BUFFER_SIZE 16384
+#elif defined(TARGET_NANOS)
+#define TX_BUFFER_SIZE 8192
+#endif
+
 #define CHECK_PARSER_ERR(__CALL) { \
     parser_error_t __err = __CALL;  \
     CHECK_APP_CANARY()  \

app/src/json/json_parser.c

@@ -22,6 +22,14 @@
 #define EQUALS(_P, _Q, _LEN) (MEMCMP( (const void*) PIC(_P), (const void*) PIC(_Q), (_LEN))==0)
 
 parser_error_t json_parse(parsed_json_t *parsed_json, const char *buffer, uint16_t bufferLen) {
+    // This check was previously implemented to prevent, here we want to avoid false positives.
+    // It is especially important in fuzzing environments where this check was omitted.
+#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX) || defined(TARGET_FLEX)
+    if (bufferLen > TX_BUFFER_SIZE) {
+        return parser_context_unexpected_size;
+    }
+#endif
+
     jsmn_parser parser;
     jsmn_init(&parser);
 

app/src/tx_validate.c

@@ -37,7 +37,7 @@ int8_t is_space(char c) {
     return 0;
 }
 
-int8_t contains_whitespace(parsed_json_t *json) {
+parser_error_t contains_whitespace(parsed_json_t *json) {
     int start = 0;
     const int last_element_index = json->tokens[0].end;
 
@@ -47,21 +47,26 @@ int8_t contains_whitespace(parsed_json_t *json) {
             const int end = json->tokens[i].start;
             for (int j = start; j < end; j++) {
                 if (is_space(json->buffer[j]) == 1) {
-                    return 1;
+                    return parser_json_contains_whitespace;
                 }
             }
             start = json->tokens[i].end + 1;
         } else {
-            return 0;
+            return parser_ok;
         }
     }
+
+    if (start < 0) {
+        return parser_json_unexpected_error;
+    }
+
     while (start < last_element_index && json->buffer[start] != '\0') {
         if (is_space(json->buffer[start])) {
-            return 1;
+            return parser_json_contains_whitespace;
         }
         start++;
     }
-    return 0;
+    return parser_ok;
 }
 
 int8_t is_sorted(uint16_t first_index,
@@ -128,16 +133,16 @@ int8_t dictionaries_sorted(parsed_json_t *json) {
 }
 
 parser_error_t tx_validate(parsed_json_t *json) {
-    if (contains_whitespace(json) == 1) {
-        return parser_json_contains_whitespace;
+    parser_error_t err = contains_whitespace(json);
+    if (err != parser_ok) {
+        return err;
     }
 
     if (dictionaries_sorted(json) != 1) {
         return parser_json_is_not_sorted;
     }
 
     uint16_t token_index;
-    parser_error_t err;
 
     err = object_get_value(json, 0, "chain_id", &token_index);
     if (err != parser_ok)