New Release #127

Merged
merged 2 commits into from
Nov 6, 2024
improve buffer checks
chcmedeiros committed Nov 6, 2024
commit 90c1f0bc2bfde2728af1861f3d9ab8be70bbc237
2 changes: 1 addition & 1 deletion app/Makefile.version
Expand Up @@ -3,4 +3,4 @@ APPVERSION_M=2
# This is the `spec_version` field of `Runtime`
APPVERSION_N=35
# This is the patch version of this release
APPVERSION_P=25
APPVERSION_P=26
8 changes: 8 additions & 0 deletions app/src/common/parser_common.h
Expand Up @@ -22,6 +22,14 @@ extern "C" {
#include <stdint.h>
#include <stddef.h>

#if defined(TARGET_NANOS2) || defined(TARGET_STAX) || defined(TARGET_FLEX)
#define TX_BUFFER_SIZE 16384
#elif defined(TARGET_NANOX)
#define TX_BUFFER_SIZE 16384
#elif defined(TARGET_NANOS)
#define TX_BUFFER_SIZE 8192
#endif

#define CHECK_PARSER_ERR(__CALL) { \
parser_error_t __err = __CALL; \
CHECK_APP_CANARY() \
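Review bot: The `TX_BUFFER_SIZE` values in the `#if defined(TARGET_NANOS2) || ...` chain are hard-coded with no visible tie to the buffer that actually holds the transaction, so the length check added in json_parser.c is only as good as these numbers being kept in sync by hand. If the real capacity is defined elsewhere (not shown in this commit), derive the macro from it or add a compile-time assertion against it. The first two branches define the same value and could be merged into one `#if`. A one-line comment above the block would also help, e.g. `// Upper bound on the transaction length json_parse() accepts on each device target.`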
8 changes: 8 additions & 0 deletions app/src/json/json_parser.c
Expand Up @@ -22,6 +22,14 @@
#define EQUALS(_P, _Q, _LEN) (MEMCMP( (const void*) PIC(_P), (const void*) PIC(_Q), (_LEN))==0)

parser_error_t json_parse(parsed_json_t *parsed_json, const char *buffer, uint16_t bufferLen) {
// This check was previously implemented to prevent, here we want to avoid false positives.
// It is especially important in fuzzing environments where this check was omitted.
#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX) || defined(TARGET_FLEX)
if (bufferLen > TX_BUFFER_SIZE) {
return parser_context_unexpected_size;
}
#endif

jsmn_parser parser;
jsmn_init(&parser);

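Review bot: The comment added at the top of `json_parse` never says what the check prevents ("previously implemented to prevent, here we want to avoid false positives" is missing its object), so a reader cannot tell why the bound is compiled only for device targets. Something like `// Reject input longer than the device transaction buffer (TX_BUFFER_SIZE).` followed by `// Device targets only: other builds do not define TX_BUFFER_SIZE.` would state the intent, assuming that is the intent. Because the guard is skipped whenever no `TARGET_*` macro is set, host and fuzzing builds never exercise the oversize rejection path; if that is deliberate, the comment should say so. The body of `json_parse` continues outside the hunk.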
21 changes: 13 additions & 8 deletions app/src/tx_validate.c
Expand Up @@ -37,7 +37,7 @@ int8_t is_space(char c) {
return 0;
}

int8_t contains_whitespace(parsed_json_t *json) {
parser_error_t contains_whitespace(parsed_json_t *json) {
int start = 0;
const int last_element_index = json->tokens[0].end;

Expand All @@ -47,21 +47,26 @@ int8_t contains_whitespace(parsed_json_t *json) {
const int end = json->tokens[i].start;
for (int j = start; j < end; j++) {
if (is_space(json->buffer[j]) == 1) {
return 1;
return parser_json_contains_whitespace;
}
}
start = json->tokens[i].end + 1;
} else {
return 0;
return parser_ok;
}
}

if (start < 0) {
return parser_json_unexpected_error;
}

while (start < last_element_index && json->buffer[start] != '\0') {
if (is_space(json->buffer[start])) {
return 1;
return parser_json_contains_whitespace;
}
start++;
}
return 0;
return parser_ok;
}

int8_t is_sorted(uint16_t first_index,
Expand Down Expand Up @@ -128,16 +133,16 @@ int8_t dictionaries_sorted(parsed_json_t *json) {
}

parser_error_t tx_validate(parsed_json_t *json) {
if (contains_whitespace(json) == 1) {
return parser_json_contains_whitespace;
parser_error_t err = contains_whitespace(json);
if (err != parser_ok) {
return err;
}

if (dictionaries_sorted(json) != 1) {
return parser_json_is_not_sorted;
}

uint16_t token_index;
parser_error_t err;

err = object_get_value(json, 0, "chain_id", &token_index);
if (err != parser_ok)
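Review bot: The new `if (start < 0)` guard in `contains_whitespace` runs only after the token loop, but `start` is reassigned inside the loop by `start = json->tokens[i].end + 1;` and used on the next iteration as the lower index into `json->buffer[j]`, so a negative value would be read through before the guard is reached. Moving the test to directly after that assignment, `if (start < 0) { return parser_json_unexpected_error; }`, closes that window. Neither `start` nor `end` is compared with the buffer length in the visible lines, so an upper bound may be worth adding too if token offsets are not validated upstream. The loop header sits between the first two hunks and is not shown. Separately, the return type changed from `int8_t` to `parser_error_t`, so any caller outside this file that still compares the result with `1` would need updating.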