Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The parse_z function should fail when parsing a number that does not fit in 64 bits. #29

Open
chambart opened this issue Oct 21, 2018 · 1 comment
Open

The parse_z function should fail when parsing a number that does not fit in 64 bits. #29

chambart opened this issue Oct 21, 2018 · 1 comment

Comments

@chambart
Copy link

Numbers larger than 2^64 are truncated by parse_z. It's ok not to be able to parse it, but this should be an error rather than silently dropping some bits. This could be exploited by an attacker to trick the user into signing a transaction with a small amount while the real one is a lot larger. Of course right now this can't be exploited because there are not enough tokens on the network to account for such a transfer.

ledger-app-tezos/src/operations.c

Lines 70 to 82 in 1b19a26

static inline uint64_t parse_z(const void *data, size_t *ix, size_t length, uint32_t lineno) {
uint64_t acc = 0;
uint64_t shift = 0;
while (true) {
uint64_t byte = next_byte(data, ix, length, lineno);
acc |= (byte & 0x7F) << shift;
shift += 7;
if (!(byte & 0x80)) {
break;
}
}
return acc;
}

@jhartzell42
Copy link
Collaborator

As far as we know, this isn't exploitable, as the protocol would not incorporate such an operation, but we will fix this soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jhartzell42 @chambart