dev: chg: solve codeQL high vulns
marcello33 committed Oct 10, 2023
1 parent 5b84f20 commit fd596aa
Showing 4 changed files with 29 additions and 5 deletions.
9 changes: 8 additions & 1 deletion accounts/usbwallet/trezor.go
Expand Up @@ -306,7 +306,14 @@ func (w *trezorDriver) trezorExchange(req proto.Message, results ...proto.Messag
return 0, err
}

payload := make([]byte, 8+len(data))
var payload []byte

if 8+len(data) > 64*1024*1024 {
payload = make([]byte, 0)
} else {
payload = make([]byte, 8+len(data))

Check failure

Code scanning / CodeQL

Size computation for allocation may overflow High

This operation, which is used in an
allocation
, involves a
potentially large value
and might overflow.
}

copy(payload, []byte{0x23, 0x23})
binary.BigEndian.PutUint16(payload[2:], trezor.Type(req))
binary.BigEndian.PutUint32(payload[4:], uint32(len(data)))
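Review bot: The oversize branch of the new `if` leaves `payload` as a zero-length slice, and the unconditional `binary.BigEndian.PutUint16(payload[2:], ...)` a few lines later then panics with a slice-bounds error, so the guard turns a theoretical overflow into a certain crash for any message over 64 MiB. The function should fail cleanly before allocating instead, e.g. `if len(data) > 64*1024*1024 { return 0, errors.New("trezor: message too large") }` followed by the original `payload := make([]byte, 8+len(data))` (using whichever of `errors`/`fmt` this file already imports). The same bound is what keeps the `uint32(len(data))` header write on the last visible line from truncating, which is worth stating in a comment on the check. trezorExchange continues past the end of this hunk.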
8 changes: 6 additions & 2 deletions core/vm/contract.go
Expand Up @@ -17,6 +17,7 @@
package vm

import (
"math"
"math/big"

"github.com/ethereum/go-ethereum/common"
Expand Down Expand Up @@ -146,8 +147,11 @@ func (c *Contract) AsDelegate() *Contract {

// GetOp returns the n'th element in the contract's byte array
func (c *Contract) GetOp(n uint64) OpCode {
if n < uint64(len(c.Code)) {
return OpCode(c.Code[n])
if n > 0 && n <= math.MaxUint16 {
if n < uint64(len(c.Code)) {
return OpCode(c.Code[n])

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types High

Incorrect conversion of a 64-bit integer from
strconv.ParseUint
to a lower bit size type uint8 without an upper bound check.
}

}

return STOP
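Review bot: The added `n > 0` in GetOp excludes index 0, so `GetOp(0)` now returns STOP even when `c.Code[0]` exists; the interpreter's fetch loop presumably starts at pc 0, in which case this changes execution results for every contract and is a consensus-relevant regression rather than a hardening. The pre-existing `n < uint64(len(c.Code))` check already bounds the index, and `c.Code[n]` is a single byte, so the `OpCode` conversion cannot truncate — the CodeQL finding quoted here looks like a false positive that should be dismissed rather than coded around. The `<= math.MaxUint16` cap would additionally reject valid offsets in any code blob longer than 65535 bytes, which initcode could be before the EIP-3860 limit. Revert to `if n < uint64(len(c.Code)) { return OpCode(c.Code[n]) }` and drop the new `math` import in the hunk above if nothing else in the file uses it.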
9 changes: 9 additions & 0 deletions log/logger.go
Expand Up @@ -215,6 +215,11 @@ func (l *logger) New(ctx ...interface{}) Logger {

func newContext(prefix []interface{}, suffix []interface{}) []interface{} {
normalizedSuffix := normalize(suffix)

if len(prefix)+len(normalizedSuffix) > 64*1024*1024 {
return make([]interface{}, 0)
}

newCtx := make([]interface{}, len(prefix)+len(normalizedSuffix))
n := copy(newCtx, prefix)
copy(newCtx[n:], normalizedSuffix)
Expand Down Expand Up @@ -326,6 +331,10 @@ type Lazy struct {
type Ctx map[string]interface{}

func (c Ctx) toArray() []interface{} {
if len(c)*2 > 64*1024*1024 {
return make([]interface{}, 0)
}

arr := make([]interface{}, len(c)*2)

i := 0
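Review bot: Both new guards in this file (in newContext above and in toArray here) silently return an empty slice when the combined length exceeds 64 MiB, so a caller's entire logging context vanishes with no signal; since `len` already yields a non-negative int, neither `len(prefix)+len(normalizedSuffix)` nor `len(c)*2` can overflow in practice and the checks exist only to satisfy the analyzer. If they are kept, hoist the repeated literal into one named constant with a comment on its purpose, e.g. `// maxCtxLen bounds context slices only to satisfy CodeQL's allocation-size check; real contexts are tiny.` above `const maxCtxLen = 64 * 1024 * 1024`, and consider truncating rather than discarding so that at least the prefix survives. The same literal is duplicated in accounts/usbwallet/trezor.go in this commit.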
8 changes: 6 additions & 2 deletions p2p/enode/localnode.go
Expand Up @@ -19,6 +19,7 @@ package enode
import (
"crypto/ecdsa"
"fmt"
"math"
"net"
"reflect"
"strconv"
Expand Down Expand Up @@ -211,8 +212,11 @@ func (ln *LocalNode) SetFallbackUDP(port int) {
ln.mu.Lock()
defer ln.mu.Unlock()

ln.endpoint4.fallbackUDP = uint16(port)
ln.endpoint6.fallbackUDP = uint16(port)
if port > 0 && port <= math.MaxUint16 {
ln.endpoint4.fallbackUDP = uint16(port)
ln.endpoint6.fallbackUDP = uint16(port)
}

ln.updateEndpoints()
}
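Review bot: SetFallbackUDP now silently ignores an out-of-range port, keeping whatever fallback was previously stored and giving the caller no indication, and the `port > 0` bound also rejects 0, which the old code stored as `uint16(0)` (a caller relying on that to reset the field would now be a no-op). Since the signature returns nothing, at minimum document this on the function's doc comment (outside the hunk): `// Ports outside 1..65535 are ignored and the previous fallback is kept.`, and consider `port >= 0` so the field can still be cleared, or logging the rejected value so the misconfiguration is visible. The new `math` import in the hunk above is only needed for this check.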


0 comments on commit fd596aa

Please sign in to comment.