Merge pull request #15 from Zondax/dev

Audit fixes (#14)
Zondax · Dec 17, 2024 · 1392d97 · 1392d97
2 parents 5392e69 + fa0e59a
commit 1392d97
Show file tree

Hide file tree

Showing 13 changed files with 18 additions and 14 deletions.
diff --git a/app/Makefile.version b/app/Makefile.version
@@ -3,4 +3,4 @@ APPVERSION_M=0
 # This is the minor version
 APPVERSION_N=1
 # This is the patch version
-APPVERSION_P=2
+APPVERSION_P=3
diff --git a/app/src/evm/apdu_handler_evm.c b/app/src/evm/apdu_handler_evm.c
@@ -88,10 +88,10 @@ bool process_chunk_eip191(__Z_UNUSED volatile uint32_t *tx, uint32_t rx) {
             uint32_t path_len = sizeof(uint32_t) * hdPathEth_len;
 
             // plus the first offset data containing the path len
-            data += path_len + 1;
             if (len < path_len) {
                 THROW(APDU_CODE_WRONG_LENGTH);
             }
+            data += path_len + 1;
             len -= path_len + 1;
 
             // now process the chunk

diff --git a/app/src/evm/evm_eip191.c b/app/src/evm/evm_eip191.c
@@ -50,6 +50,10 @@ zxerr_t eip191_msg_getItem(int8_t displayIdx, char *outKey, uint16_t outKeyLen,
     snprintf(outVal, outValLen, " ");
     *pageCount = 1;
 
+    if (tx_get_buffer_length() < sizeof(uint32_t) || tx_get_buffer() == NULL) {
+        return zxerr_unknown;
+    }
+
     const uint8_t *message = tx_get_buffer() + sizeof(uint32_t);
     const uint16_t messageLength = tx_get_buffer_length() - sizeof(uint32_t);
 
@@ -126,4 +130,4 @@ zxerr_t eip191_hash_message(const uint8_t *message, uint16_t messageLen, uint8_t
 #endif
 
     return zxerr_ok;
-}
+}
diff --git a/deps/ledger-zxlib b/deps/ledger-zxlib
diff --git a/tests_zemu/package.json b/tests_zemu/package.json
@@ -29,27 +29,27 @@
   },
   "devDependencies": {
     "@types/elliptic": "^6.4.14",
-    "@types/jest": "^29.5.13",
+    "@types/jest": "^29.5.14",
     "@types/ledgerhq__hw-transport": "^4.21.8",
     "@types/secp256k1": "^4.0.6",
-    "@typescript-eslint/eslint-plugin": "^8.6.0",
-    "@typescript-eslint/parser": "^8.6.0",
+    "@typescript-eslint/eslint-plugin": "^8.18.1",
+    "@typescript-eslint/parser": "^8.18.1",
     "blakejs": "^1.1.1",
     "crypto-js": "4.2.0",
     "ed25519-supercop": "^2.0.1",
-    "eslint": "^9.10.0",
+    "eslint": "^9.17.0",
     "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-import": "^2.30.0",
-    "eslint-plugin-jest": "^28.8.3",
+    "eslint-plugin-import": "^2.31.0",
+    "eslint-plugin-jest": "^28.9.0",
     "eslint-plugin-prettier": "^5.2.1",
-    "eslint-plugin-promise": "^7.1.0",
-    "eslint-plugin-tsdoc": "^0.3.0",
+    "eslint-plugin-promise": "^7.2.1",
+    "eslint-plugin-tsdoc": "^0.4.0",
     "eslint-plugin-unused-imports": "^4.1.4",
     "jest": "29.7.0",
     "jssha": "^3.2.0",
-    "prettier": "^3.3.3",
+    "prettier": "^3.4.2",
     "ts-jest": "^29.2.5",
     "ts-node": "^10.9.2",
-    "typescript": "^5.6.2"
+    "typescript": "^5.7.2"
   }
 }
diff --git a/tests_zemu/snapshots/fl-mainmenu/00004.png b/tests_zemu/snapshots/fl-mainmenu/00004.png
diff --git a/tests_zemu/snapshots/s-mainmenu/00005.png b/tests_zemu/snapshots/s-mainmenu/00005.png
diff --git a/tests_zemu/snapshots/s-mainmenu/00009.png b/tests_zemu/snapshots/s-mainmenu/00009.png
diff --git a/tests_zemu/snapshots/sp-mainmenu/00005.png b/tests_zemu/snapshots/sp-mainmenu/00005.png
diff --git a/tests_zemu/snapshots/sp-mainmenu/00009.png b/tests_zemu/snapshots/sp-mainmenu/00009.png
diff --git a/tests_zemu/snapshots/st-mainmenu/00004.png b/tests_zemu/snapshots/st-mainmenu/00004.png
diff --git a/tests_zemu/snapshots/x-mainmenu/00005.png b/tests_zemu/snapshots/x-mainmenu/00005.png
diff --git a/tests_zemu/snapshots/x-mainmenu/00009.png b/tests_zemu/snapshots/x-mainmenu/00009.png
+18 −0		app/ui/view.c
+8 −0		app/ui/view.h
+22 −0		app/ui/view_internal.h
+107 −7		app/ui/view_s.c
+92 −0		app/ui/view_x.c
+2 −2		include/zxversion.h