Address issues identified by external review:

* RIPD-1617, RIPD-1619, RIPD-1621:
  Verify serialized public keys more strictly before
  using them.

* RIPD-1618:
    * Simplify the base58 decoder logic.
    * Reduce the complexity of the base58 encoder and
      eliminate a potential out-of-bounds memory access.
    * Improve type safety by using an `enum class` to
      enforce strict type checking for token types.

* RIPD-1616:
  Avoid calling `memcpy` with a null pointer even if the
  size is specified as zero, since it results in undefined
  behavior.

Acknowledgements:
Ripple thanks Guido Vranken for responsibly disclosing these
issues.

Bug Bounties and Responsible Disclosures:
We welcome reviews of the rippled code and urge researchers
to responsibly disclose any issues that they may find. For
more on Ripple's Bug Bounty program, please visit:
https://ripple.com/bug-bounty
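The RIPD-1616 item above turns on a detail that is easy to miss: a zero-length read is legal for `memcpy` only if both pointers are still valid, and an empty `std::vector` may hand back a null `data()`. The following is an added example, not code from rippled or from this commit: a minimal length-prefixed field reader (hypothetical names `FieldReader`, `getRaw`, `getVL`) that bounds-checks every read and skips the copy entirely when the length is zero, run over a constructed byte string.

```cpp
// Added example (not rippled's code): a minimal length-prefixed field reader
// that guards memcpy against a zero-length read, where std::vector::data()
// may legitimately return nullptr. All names here are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

class FieldReader
{
    std::uint8_t const* p_;
    std::size_t remain_;
    std::size_t used_ = 0;

public:
    FieldReader(std::uint8_t const* data, std::size_t len)
        : p_(data), remain_(len) {}

    std::size_t used() const { return used_; }
    std::size_t remaining() const { return remain_; }

    // Copy `size` bytes out of the input. Throws instead of reading past the end.
    std::vector<std::uint8_t> getRaw(std::size_t size)
    {
        if (size > remain_)
            throw std::runtime_error("getRaw: read past end of input");
        std::vector<std::uint8_t> result(size);
        // For size == 0, result.data() may be nullptr (it is with libstdc++),
        // and passing a null pointer to memcpy is undefined behaviour even
        // when the length is zero: C99 7.21.1/2 permits a zero length but
        // still requires the pointer arguments to be valid.
        if (size != 0)
        {
            std::memcpy(result.data(), p_, size);
            p_ += size;
            used_ += size;
            remain_ -= size;
        }
        return result;
    }

    // Read a one-byte length prefix followed by that many bytes.
    std::vector<std::uint8_t> getVL()
    {
        if (remain_ < 1)
            throw std::runtime_error("getVL: missing length prefix");
        std::size_t const len = *p_;
        ++p_;
        ++used_;
        --remain_;
        return getRaw(len);
    }
};

// Constructed sample input: a zero-length field, then a 3-byte field "abc".
static std::uint8_t const kSample[] = { 0x00, 0x03, 'a', 'b', 'c' };

// Parses kSample; returns the number of fields read, or -1 on a mismatch.
int parseSample()
{
    FieldReader r(kSample, sizeof(kSample));
    auto first = r.getVL();   // zero-length: the memcpy is skipped entirely
    auto second = r.getVL();  // "abc"
    if (!first.empty() || second.size() != 3 || r.remaining() != 0)
        return -1;
    return 2;
}

// Returns true if a length prefix larger than the remaining input is
// rejected with an exception instead of being read past the buffer.
bool overReadRejected()
{
    std::uint8_t const bad[] = { 0x05, 'x' };  // claims 5 bytes, carries 1
    FieldReader r(bad, sizeof(bad));
    try
    {
        r.getVL();
    }
    catch (std::runtime_error const&)
    {
        return true;
    }
    return false;
}
```

Whether `data()` is null for an empty vector is implementation-defined, which is exactly why the guard belongs in the reader rather than in an assumption about the container: on a build where it happens to be non-null the bug is invisible, and a sanitizer-enabled build on another library surfaces it.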
Nikolaos D. Bougalis
2018-03-15 20:58:05 -07:00
parent 25de6b0a5f
commit d5f981f5fc
47 changed files with 393 additions and 264 deletions


@@ -519,10 +519,16 @@ T SerialIter::getRawHelper (int size)
Throw<std::runtime_error> (
"invalid SerialIter getRaw");
T result (size);
memcpy(result.data (), p_, size);
p_ += size;
used_ += size;
remain_ -= size;
if (size != 0)
{
// It's normally safe to call memcpy with size set to 0 (see the
// C99 standard 7.21.1/2). However, here this could mean that
// result.data would be null, which would trigger undefined behavior.
std::memcpy(result.data(), p_, size);
p_ += size;
used_ += size;
remain_ -= size;
}
return result;
}
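Review bot: the new comment cites C99 7.21.1/2 as the reason a zero-length memcpy is "normally safe", but that clause is the one that makes this call undefined: it allows a size_t length argument of zero, yet says the pointer arguments "shall still have valid values". Suggest rewording along the lines of "C99 7.21.1/2 permits a size of 0, but still requires valid pointers, and result.data() may be null for an empty container" so the next reader does not conclude the guard is optional. Separately, only the `std::memcpy` needs to sit under `if (size != 0)`; `p_ += size;`, `used_ += size;` and `remain_ -= size;` are no-ops when size is zero, so leaving them unconditional would keep the hunk to a single guarded statement (moving them in is harmless, just more diff than the fix requires). Since the call is now spelled `std::memcpy` rather than `memcpy`, confirm the translation unit includes `<cstring>` rather than relying on `<string.h>` being pulled in transitively.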