Fix Audit security comments #202

ajinkyaraj-23 · 2024-02-09T16:24:37Z

in app/src/apdu_sign.c : 486, buffer’s content as to be zeroized (i.e.,cleared). For this, only the buffer size was reset to zero. In doing so, the data persists in memory, with the risk of being read by another channel.

Reset the buffer and not just its size.
Initialize pressed_right in ui_stream.c and ui_stream_nbgl.c
Fix TODO/NOTE and other comments - check app/src/ui_stream_nbgl.c: 352-354 and app/src/globals.h: 122
Remove redundant check for global.step in app/src/apdu_sign.c : 486
<=0 check is not correct for unsigned int. Fix at app/src/parser/operation_parser.c: 418
fix printf format specifier incompatibility at app/src/apdu_sign.c : 585

The text was updated successfully, but these errors were encountered:

ajinkyaraj-23 added the app::wallet issues relating to the wallet app label Feb 9, 2024

ajinkyaraj-23 added this to the Wallet: v3.0.0 - security audit milestone Feb 9, 2024

ajinkyaraj-23 self-assigned this Feb 9, 2024

ajinkyaraj-23 changed the title ~~Reset buffer if we dont return the hash~~ Fix Audit security comments Feb 9, 2024

ajinkyaraj-23 mentioned this issue Feb 9, 2024

Address audit report comments #203

Merged

ajinkyaraj-23 linked a pull request Feb 9, 2024 that will close this issue

Address audit report comments #203

Merged

ajinkyaraj-23 closed this as completed in #203 Feb 14, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix Audit security comments #202

Fix Audit security comments #202

ajinkyaraj-23 commented Feb 9, 2024 •

edited

Loading

Fix Audit security comments #202

Fix Audit security comments #202

Comments

ajinkyaraj-23 commented Feb 9, 2024 • edited Loading

ajinkyaraj-23 commented Feb 9, 2024 •

edited

Loading