-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
newline \n
and carriage return \r
problems with MultiFieldReview<'a>
#146
Comments
as one of potential source of problems offset_c may be checked to be of 0-95 range to prevent out of bounds array access. Controlling that |
This was referenced Mar 19, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A newline
'\n'
added to payload behaves differently on different platforms:nanos
in speculos emulator (test passes) - newline char is displayed as empty string""
,hidden part
ofmy_field.value
is displayednanos
on actual device - newline char is displayed as ?,hidden part
ofmy_field.value
is not displayed. this can be potentially used by misbehaving client to hide parts of message from clear signing.nanosp
andnanox
in speculos - both crash with a panic0xe000
Same details reiterated in LedgerHQ/app-boilerplate-rust#55
Similar issue was observed with
\r
.The text was updated successfully, but these errors were encountered: