From 7b6d959596575d51107d5a791f21af8fd4737f92 Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Fri, 11 Jun 2021 07:11:23 +0000 Subject: [PATCH 1/3] trezor: fix potential use of uninitialized memory CID 1446575 --- src/device_trezor/trezor/transport.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/device_trezor/trezor/transport.cpp b/src/device_trezor/trezor/transport.cpp index 194176413..7a79d8f95 100644 --- a/src/device_trezor/trezor/transport.cpp +++ b/src/device_trezor/trezor/transport.cpp @@ -573,8 +573,13 @@ namespace trezor{ std::string req = "PINGPING"; char res[8]; - m_socket->send_to(boost::asio::buffer(req.c_str(), req.size()), m_endpoint); - receive(res, 8, nullptr, false, timeout); + const auto written = m_socket->send_to(boost::asio::buffer(req.c_str(), req.size()), m_endpoint); + if (written != req.size()) + return false; + memset(res, 0, sizeof(res)); + const auto received = receive(res, 8, nullptr, false, timeout); + if (received != 8) + return false; return memcmp(res, "PONGPONG", 8) == 0; From 67b97a5f16ffbbf920953d75af6f7bf67606bccc Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Fri, 11 Jun 2021 07:51:29 +0000 Subject: [PATCH 2/3] easylogging++: do not delete uninitialized objects CID 1446562 --- external/easylogging++/easylogging++.cc | 1 - 1 file changed, 1 deletion(-) diff --git a/external/easylogging++/easylogging++.cc b/external/easylogging++/easylogging++.cc index f1722f0a1..2fe8d5b9c 100644 --- a/external/easylogging++/easylogging++.cc +++ b/external/easylogging++/easylogging++.cc @@ -714,7 +714,6 @@ Logger::Logger(const std::string& id, const Configurations& configurations, } Logger::Logger(const Logger& logger) { - base::utils::safeDelete(m_typedConfigurations); m_id = logger.m_id; m_typedConfigurations = logger.m_typedConfigurations; m_parentApplicationName = logger.m_parentApplicationName; From 4251cc0b4dd877e5a9619d557f7697fa184c0acd Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Fri, 11 Jun 2021 07:38:14 +0000 Subject: [PATCH 3/3] unit_tests: check for ge_frombytes_vartime failure CID 1446559 --- tests/unit_tests/multiexp.cpp | 2 +- tests/unit_tests/tx_proof.cpp | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/unit_tests/multiexp.cpp b/tests/unit_tests/multiexp.cpp index 722c568da..212aa0e40 100644 --- a/tests/unit_tests/multiexp.cpp +++ b/tests/unit_tests/multiexp.cpp @@ -260,7 +260,7 @@ TEST(multiexp, scalarmult_triple) rct::key res; ge_p3 Gp3; - ge_frombytes_vartime(&Gp3, rct::G.bytes); + ASSERT_EQ(ge_frombytes_vartime(&Gp3, rct::G.bytes), 0); static const rct::key scalars[] = { rct::Z, diff --git a/tests/unit_tests/tx_proof.cpp b/tests/unit_tests/tx_proof.cpp index c5d06bc68..0adb8713e 100644 --- a/tests/unit_tests/tx_proof.cpp +++ b/tests/unit_tests/tx_proof.cpp @@ -58,14 +58,14 @@ TEST(tx_proof, prove_verify_v2) // R_B = rB crypto::public_key R_B; ge_p3 B_p3; - ge_frombytes_vartime(&B_p3,&B); + ASSERT_EQ(ge_frombytes_vartime(&B_p3,&B), 0); ge_p2 R_B_p2; ge_scalarmult(&R_B_p2, &unwrap(r), &B_p3); ge_tobytes(&R_B, &R_B_p2); // R_G = rG crypto::public_key R_G; - ge_frombytes_vartime(&B_p3,&B); + ASSERT_EQ(ge_frombytes_vartime(&B_p3,&B), 0); ge_p3 R_G_p3; ge_scalarmult_base(&R_G_p3, &unwrap(r)); ge_p3_tobytes(&R_G, &R_G_p3); @@ -73,7 +73,7 @@ TEST(tx_proof, prove_verify_v2) // D = rA crypto::public_key D; ge_p3 A_p3; - ge_frombytes_vartime(&A_p3,&A); + ASSERT_EQ(ge_frombytes_vartime(&A_p3,&A), 0); ge_p2 D_p2; ge_scalarmult(&D_p2, &unwrap(r), &A_p3); ge_tobytes(&D, &D_p2);