Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address audit report comments #203

Merged
merged 5 commits into from
Feb 14, 2024
Merged

Address audit report comments #203

merged 5 commits into from
Feb 14, 2024

Conversation

ajinkyaraj-23
Copy link
Collaborator

fixes #202

@ajinkyaraj-23 ajinkyaraj-23 added the app::wallet issues relating to the wallet app label Feb 9, 2024
@ajinkyaraj-23 ajinkyaraj-23 self-assigned this Feb 9, 2024
@ajinkyaraj-23 ajinkyaraj-23 linked an issue Feb 9, 2024 that may be closed by this pull request
Fix Audit security comments #202
Closed
6 tasks
@ajinkyaraj-23 ajinkyaraj-23 force-pushed the ajinkyaraj-23@202-reset-buffer-if-we-dont-return-the-hash branch 5 times, most recently from 6ac03c4 to b3f6497 Compare February 13, 2024 10:45
@ajinkyaraj-23 ajinkyaraj-23 changed the title Reset entire buffer not just its size Address audit report comments Feb 13, 2024
@ajinkyaraj-23 ajinkyaraj-23 force-pushed the ajinkyaraj-23@202-reset-buffer-if-we-dont-return-the-hash branch from b3f6497 to 84a4c2a Compare February 13, 2024 10:49
@ajinkyaraj-23 ajinkyaraj-23 marked this pull request as ready for review February 13, 2024 10:49
@ajinkyaraj-23 ajinkyaraj-23 force-pushed the ajinkyaraj-23@202-reset-buffer-if-we-dont-return-the-hash branch 9 times, most recently from f19880d to 982a2fd Compare February 13, 2024 16:19
spalmer25
spalmer25 reviewed Feb 13, 2024
View reviewed changes
Copy link
Collaborator

@spalmer25 spalmer25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

app/src/apdu.c
@@ -1,7 +1,5 @@
/* Tezos Ledger application - Some common primitives and some command handlers

TODO: split this file (apdu primitives and apdu handlers)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure whether we have any trace of these TODOs.
Could you open an issue to make sure we don't forget them?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Created issues #207 #208 and #209

Copy link
Collaborator

@spalmer25 spalmer25 Feb 14, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about this one in app/src/ui_stream_nbgl.c ?

        // TODO: this is handled by change_screen_right except we disable it
        // to use it here. We should make ui_stream fully compatible with
        // exception.h

Is this TODO outdated ?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Created #211 .

@ajinkyaraj-23 ajinkyaraj-23 force-pushed the ajinkyaraj-23@202-reset-buffer-if-we-dont-return-the-hash branch from 982a2fd to 5b4e04c Compare February 13, 2024 17:01
@ajinkyaraj-23
Copy link
Collaborator Author

Rebased on main.

spalmer25
spalmer25 reviewed Feb 14, 2024
View reviewed changes
Copy link
Collaborator

@spalmer25 spalmer25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a forgotten FIXME in

ledger-app-tezos-wallet/app/src/ui_stream.h

Lines 154 to 155 in 5b4e04c

// FIXME: workaround for issue with non-local control flow. Remove once
// fixed see !66

@ajinkyaraj-23 ajinkyaraj-23 force-pushed the ajinkyaraj-23@202-reset-buffer-if-we-dont-return-the-hash branch from 5b4e04c to a00fe3a Compare February 14, 2024 10:21
@ajinkyaraj-23
Copy link
Collaborator Author

There is a forgotten FIXME in

ledger-app-tezos-wallet/app/src/ui_stream.h

Lines 154 to 155 in 5b4e04c

// FIXME: workaround for issue with non-local control flow. Remove once
// fixed see !66

Fixed. The issue is same as #211

@ajinkyaraj-23 ajinkyaraj-23 force-pushed the ajinkyaraj-23@202-reset-buffer-if-we-dont-return-the-hash branch from a00fe3a to 4da7ac4 Compare February 14, 2024 10:55
@spalmer25 spalmer25 self-requested a review February 14, 2024 11:11
@ajinkyaraj-23 ajinkyaraj-23 merged commit fd56c4d into main Feb 14, 2024
110 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spalmer25 spalmer25 spalmer25 approved these changes

Assignees

@ajinkyaraj-23 ajinkyaraj-23

Labels
app::wallet issues relating to the wallet app
Projects
None yet
Milestone
Wallet: v3.0.3 - security audit
Development

Successfully merging this pull request may close these issues.

Fix Audit security comments
2 participants
@ajinkyaraj-23 @spalmer25