Fixing the memory corruption issue.

LedgerHQ · Jan 24, 2025 · a81f619 · a81f619
1 parent 566651d
commit a81f619
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 10 deletions.
diff --git a/src/handler/get_public_key.c b/src/handler/get_public_key.c
@@ -73,7 +73,7 @@
 int get_public_key(buffer_t *cdata,
                     uint8_t *output_bip32_path_len,
                     uint32_t *output_bip32_path,
-                    uint8_t *output_public_key) {
+                    pubkey_ctx_t *output_pubkey_ctx) {
     if (!buffer_read_u8(cdata, output_bip32_path_len)) {
         return io_send_sw(SW_WRONG_DATA_LENGTH);
     }
@@ -89,9 +89,8 @@ int get_public_key(buffer_t *cdata,
     // TODO(jmartins): review if chain code should come from G_context or needs to be specified
     // for the use (ie: SWAP or GET_PUBLIC_KEY)
     cx_ecfp_private_key_t private_key = {0};
-    uint32_t chaincode[32];
     cx_err_t error = crypto_derive_private_key(&private_key,
-                                               G_context.pk_info.chain_code,
+                                               output_pubkey_ctx->chain_code,
                                                output_bip32_path,
                                                *output_bip32_path_len);
     if (error != CX_OK) {
@@ -100,8 +99,8 @@ int get_public_key(buffer_t *cdata,
     }
 
     // generate corresponding public key
-    cx_ecfp_private_key_t public_key = {0};
-    error = crypto_init_public_key(&private_key, &public_key, output_public_key);
+    cx_ecfp_public_key_t public_key = {0};
+    error = crypto_init_public_key(&private_key, &public_key, output_pubkey_ctx->raw_public_key);
     // Wipe the private key from memory
     explicit_bzero(&private_key, sizeof(private_key));
 
@@ -122,7 +121,7 @@ int handler_get_public_key(buffer_t *cdata, bool display) {
     int err = get_public_key(cdata,
                             &G_context.bip32_path_len,
                             G_context.bip32_path,
-                            &G_context.pk_info.raw_public_key[0]);
+                            &G_context.pk_info);
 
     if (err) {
         G_context.req_type = REQUEST_UNDEFINED;

diff --git a/src/handler/get_public_key.h b/src/handler/get_public_key.h
@@ -45,4 +45,4 @@ int handler_get_public_key(buffer_t *cdata, bool display);
 int get_public_key(buffer_t *cdata,
                     uint8_t *output_bip32_path_len,
                     uint32_t output_bip32_path[MAX_BIP32_PATH],
-                    uint8_t *output_public_key);
+                    pubkey_ctx_t *output_public_key);
diff --git a/src/swap/handle_check_address.c b/src/swap/handle_check_address.c
@@ -18,8 +18,10 @@
 #ifdef HAVE_SWAP
 #include <string.h>
 #include "swap.h"
-#include "../handler/get_public_key.h"
 #include "os.h"
+#include "../address.h"
+#include "../handler/get_public_key.h"
+#include "../common/user_format.h"
 
 // The address string lenght is 66, 2 characters for the prefix and 64 for the address
 #define ADDRESS_STRING_LENGTH 66
@@ -64,14 +66,14 @@ void swap_handle_check_address(check_address_parameters_t *params) {
 
     uint8_t bip32_path_len;
     uint32_t bip32_path[MAX_BIP32_PATH];
-    uint8_t public_key[32];
+    pubkey_ctx_t public_key;
     if (get_public_key(&cdata, &bip32_path_len, bip32_path, &public_key) != 0) {
         PRINTF("get_public_key failed\n");
         return;
     }
     // Calculate the address from the public key, and decode it to readable format
     uint8_t address[ADDRESS_LEN] = {0};
-    if (!address_from_pubkey(public_key, address, sizeof(address))) {
+    if (!address_from_pubkey(public_key.raw_public_key, address, sizeof(address))) {
         return;
     }
     char prefixed_address[ADDRESS_STRING_LENGTH + 1];