LedgerHQ / app-near

Ledger repo for Near app
MIT License

overflow bug #39

Open tdejoigny-ledger opened 4 months ago

tdejoigny-ledger commented 4 months ago

When playing these two APDUs:

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

800280571698d4af71000000000000000000000000000000000000

It works the first and second time, but on the third attempt the first APDU returns 0x6990.

We see in the Speculos output:

printf: Buffer used: 231

The value increases every time an APDU is received and, at one point:

printf: Buffer used: 526

It overflows at this check: https://github.com/LedgerHQ/app-near/blob/develop/workdir/app-near/src/sign_transaction.c#L363
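A minimal model of the failure mode described in this report, added here as an illustration and not code from app-near: a chunked-APDU accumulator whose "buffer used" offset is never reset when a new transaction starts, shown beside a version that resets it on the first chunk while keeping the bounds check. The chunk convention (P1 == 0x00 for the first chunk, 0x80 for the last), the 500-byte capacity, the chunk sizes and all function names are assumptions chosen so the replay fails on the first APDU of the third round, as in the report; only the 0x6990 status word comes from the issue.

```c
/* Added example, not app-near code: models an APDU chunk accumulator
 * with and without resetting its offset between transactions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define P1_FIRST 0x00              /* assumed: first chunk of a transaction */
#define P1_LAST  0x80              /* assumed: last chunk of a transaction  */
#define TX_BUFFER_SIZE 500         /* assumed capacity, not the app's constant */
#define SW_BUFFER_OVERFLOW 0x6990  /* status word observed in the issue */
#define SW_OK 0x9000

typedef struct {
    uint8_t data[TX_BUFFER_SIZE];
    size_t used;                   /* the "Buffer used" counter */
} tx_ctx_t;

/* Buggy accumulator: `used` is never reset when a new transaction begins,
 * so it keeps growing across transactions until the bounds check fires. */
uint16_t append_chunk_buggy(tx_ctx_t *ctx, uint8_t p1,
                            const uint8_t *chunk, size_t len) {
    (void)p1;
    if (ctx->used + len > sizeof(ctx->data)) {
        return SW_BUFFER_OVERFLOW;
    }
    memcpy(ctx->data + ctx->used, chunk, len);
    ctx->used += len;
    return SW_OK;
}

/* Fixed accumulator: the first chunk of a transaction resets the offset.
 * The bounds check stays in place so a genuinely oversized payload is
 * still rejected instead of writing past the buffer. */
uint16_t append_chunk_fixed(tx_ctx_t *ctx, uint8_t p1,
                            const uint8_t *chunk, size_t len) {
    if (p1 == P1_FIRST) {
        ctx->used = 0;
    }
    if (ctx->used + len > sizeof(ctx->data)) {
        return SW_BUFFER_OVERFLOW;
    }
    memcpy(ctx->data + ctx->used, chunk, len);
    ctx->used += len;
    return SW_OK;
}

/* Replays the same two-chunk transaction `rounds` times and returns the
 * 1-based round on which the accumulator first rejected a chunk, or 0 if
 * every round was accepted. `first_len`/`last_len` are the chunk sizes. */
int first_failing_round(uint16_t (*append)(tx_ctx_t *, uint8_t,
                                           const uint8_t *, size_t),
                        size_t first_len, size_t last_len, int rounds) {
    tx_ctx_t ctx;
    memset(&ctx, 0, sizeof(ctx));
    uint8_t chunk[TX_BUFFER_SIZE];
    memset(chunk, 0xAB, sizeof(chunk));   /* constructed payload bytes */
    for (int r = 1; r <= rounds; r++) {
        if (append(&ctx, P1_FIRST, chunk, first_len) != SW_OK) return r;
        if (append(&ctx, P1_LAST, chunk, last_len) != SW_OK) return r;
    }
    return 0;
}
```

With 150-byte first chunks and 50-byte last chunks the buggy accumulator holds 200 bytes after round one, 400 after round two, and rejects the first chunk of round three (400 + 150 > 500), which is the same shape as the report: two successful signings, then 0x6990 on the third. The fixed version accepts any number of rounds while still rejecting a single transaction that does not fit.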

dj8yfo commented 4 months ago

Likely a duplicate of a problem solved by the not-yet-merged https://github.com/LedgerHQ/app-near/pull/31

Will be fixed by the release of https://github.com/dj8yfo/app-near-rs. The Rust app is not affected by this issue, as the following 2 APDUs, used three times in a row in Speculos:

[2024-04-25T10:51:07Z INFO  near_ledger] APDU  in (0): 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
[2024-04-25T10:51:07Z INFO  near_ledger] APDU  in (last): 80028057410161dd29ada831ab894b465a656c86c557c5008156da0909c4a281f5c8d9ee3de837534833badf7ad41a5e83071908af7d4f2ae835c9d9aceb48cfb47a4c96509b

produce three identical signatures starting with 0183...