Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

newline \n and carriage return \r problems with MultiFieldReview<'a> #146

Open
dj8yfo opened this issue Mar 19, 2024 · 1 comment
Open

newline \n and carriage return \r problems with MultiFieldReview<'a> #146

dj8yfo opened this issue Mar 19, 2024 · 1 comment

Comments

@dj8yfo
Copy link

dj8yfo commented Mar 19, 2024

A newline '\n' added to payload behaves differently on different platforms:

  1. nanos in speculos emulator (test passes) - newline char is displayed as empty string "" , hidden part of my_field.value is displayed
  2. nanos on actual device - newline char is displayed as ?, hidden part of my_field.value is not displayed. this can be potentially used by misbehaving client to hide parts of message from clear signing.
  3. nanosp and nanox in speculos - both crash with a panic 0xe000

Same details reiterated in LedgerHQ/app-boilerplate-rust#55

Similar issue was observed with \r.
@dj8yfo
Copy link
Author

dj8yfo commented Mar 19, 2024

as one of potential source of problems offset_c may be checked to be of 0-95 range to prevent out of bounds array access.
All chars below 0x20 may be coerced to SPACE with saturating_sub.

Controlling that *c as usize - 0x20 is not greater than 95 is related to #124

This was referenced Mar 19, 2024
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dj8yfo