From 3121f057f1c45a85aebb29f312ffd23943cb1bdf Mon Sep 17 00:00:00 2001
From: "pwnh4 (@loicttn)"
Date: Mon, 16 Dec 2024 11:43:56 +0100
Subject: [PATCH] fix(ocv2): invalid parser state transition when empty arrays
---
 src/provide_parameter/ocv2.c | 37 ++++++++++++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 4 deletions(-)
diff --git a/src/provide_parameter/ocv2.c b/src/provide_parameter/ocv2.c
index 8656aec..5dc5698 100644
--- a/src/provide_parameter/ocv2.c
+++ b/src/provide_parameter/ocv2.c
@@ -256,7 +256,7 @@ void handle_v2_multiclaim(ethPluginProvideParameter_t *msg, context_t *context)
 U2BE_from_parameter(msg->parameter, ¶ms->parent_item_count);
 params->current_item_count = params->parent_item_count;
 if (params->current_item_count == 0) {
- context->next_param = V2_MULTICLAIM_TICKETIDS__ITEM_LENGTH;
+ context->next_param = V2_MULTICLAIM_CASKIDS_LENGTH;
 } else {
 context->next_param = V2_MULTICLAIM_TICKETIDS__OFFSET_ITEMS;
 }
@@ -328,7 +328,21 @@ void handle_v2_multiclaim(ethPluginProvideParameter_t *msg, context_t *context)
 U2BE_from_parameter(msg->parameter, ¶ms->current_item_count);
 if (params->current_item_count == 0) {
- context->next_param = V2_MULTICLAIM_CASKIDS_LENGTH;
+ if (params->parent_item_count > 0) {
+ params->parent_item_count -= 1;
+ }
+ if (params->parent_item_count == 0) {
+ // we check the checksums
+ if (memcmp(params->checksum_preview,
+ params->checksum_value,
+ sizeof(params->checksum_preview)) != 0) {
+ PRINTF("Tokenids[][] checksums do not match\n");
+ msg->result = ETH_PLUGIN_RESULT_ERROR;
+ return;
+ }
+
+ context->next_param = V2_MULTICLAIM_CASKIDS_LENGTH;
+ }
 } else {
 context->next_param = V2_MULTICLAIM_TICKETIDS__ITEM__ITEMS;
 }
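Review bot: The empty-array branch `if (params->current_item_count == 0)` in the `@@ -256,7` hunk now leaves the ticketIds array without the `memcmp` of `checksum_preview` against `checksum_value` that the other exit from this array (the `@@ -328,7` hunk) runs before the same transition. That is probably fine because no offsets have been hashed at that point, but nothing visible here shows how the two buffers are initialised, so the assumption deserves a comment such as `// empty outer array: no offsets were hashed, nothing to compare`. The same applies to the caskIds branch in the `@@ -378,7` hunk. The enclosing case and the rest of handle_v2_multiclaim lie outside these hunks.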
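Review bot: When an inner array is empty but `parent_item_count` is still above zero after the decrement, the new branch in the `@@ -328,7` hunk assigns nothing to `context->next_param`, so the parser stays in what is presumably the item-length state only by omission (assuming no later line of the case sets it; the case continues past the hunk). In a calldata parser whose state decides how the following words are interpreted, each path should name its next state: add `} else { context->next_param = V2_MULTICLAIM_TICKETIDS__ITEM_LENGTH; }` to the inner `if (params->parent_item_count == 0)`. The caskIds copy in the `@@ -448,7` hunk needs the same with `V2_MULTICLAIM_CASKIDS__ITEM_LENGTH`.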
@@ -378,7 +392,7 @@ void handle_v2_multiclaim(ethPluginProvideParameter_t *msg, context_t *context)
 U2BE_from_parameter(msg->parameter, ¶ms->parent_item_count);
 params->current_item_count = params->parent_item_count;
 if (params->current_item_count == 0) {
- context->next_param = V2_MULTICLAIM_CASKIDS__ITEM_LENGTH;
+ context->next_param = V2_MULTICLAIM_UNEXPECTED_PARAMETER;
 } else {
 context->next_param = V2_MULTICLAIM_CASKIDS__OFFSET_ITEMS;
 }
@@ -448,7 +462,22 @@ void handle_v2_multiclaim(ethPluginProvideParameter_t *msg, context_t *context)
 U2BE_from_parameter(msg->parameter, ¶ms->current_item_count);
 if (params->current_item_count == 0) {
- context->next_param = V2_MULTICLAIM_UNEXPECTED_PARAMETER;
+ if (params->parent_item_count > 0) {
+ params->parent_item_count -= 1;
+ }
+
+ if (params->parent_item_count == 0) {
+ // we check the checksums
+ if (memcmp(params->checksum_preview,
+ params->checksum_value,
+ sizeof(params->checksum_preview)) != 0) {
+ PRINTF("Caskids[][] checksums do not match\n");
+ msg->result = ETH_PLUGIN_RESULT_ERROR;
+ return;
+ }
+
+ context->next_param = V2_MULTICLAIM_UNEXPECTED_PARAMETER;
+ }
 } else {
 context->next_param = V2_MULTICLAIM_CASKIDS__ITEM__ITEMS;
 }
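Review bot: The checksum comparison added in the `@@ -448,7` hunk is a line-for-line copy of the block in the `@@ -328,7` hunk, differing only in the PRINTF text. For a check that decides whether malformed calldata is rejected, separate copies can drift apart when one is later edited. A single `static` helper that takes `params` and the label, does the `memcmp` and the PRINTF, and returns whether the buffers match would keep one definition. Each call site then reduces to `if (!checksums_match(params, "Caskids[][]")) { msg->result = ETH_PLUGIN_RESULT_ERROR; return; }`, where the helper name is only a suggestion.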