From ea4a30016f7857ec44a54d0c8481b29a7065405e Mon Sep 17 00:00:00 2001
From: legobt <6wbvkn0j@anonaddy.me>
Date: Tue, 2 May 2023 02:35:05 +0000
Subject: [PATCH 1/2] keyring-controller: throw explicit error on undefined result from normalizeAddress
---
 packages/keyring-controller/src/KeyringController.ts | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/packages/keyring-controller/src/KeyringController.ts b/packages/keyring-controller/src/KeyringController.ts
index cb69819234..8311c151d9 100644
--- a/packages/keyring-controller/src/KeyringController.ts
+++ b/packages/keyring-controller/src/KeyringController.ts
@@ -493,6 +493,11 @@ export class KeyringController extends BaseController<
 ) {
 try {
 const address = normalizeAddress(messageParams.from);
+ if (!address?.length) {
+ throw new Error(
+ `Missing or invalid address ${JSON.stringify(messageParams.from)}`,
+ );
+ }
 const qrKeyring = await this.getOrAddQRKeyring();
 const qrAccounts = await qrKeyring.getAccounts();
 if (
@@ -751,6 +756,8 @@ export class KeyringController extends BaseController<
 };
 });
 } catch (e) {
+ // TODO: Add test case for when keyring throws
+ /* istanbul ignore next */
 throw new Error(`Unspecified error when connect QR Hardware, ${e}`);
 }
 }
From 67d33ef175db7be65786053d3f0c1d338c8c0563 Mon Sep 17 00:00:00 2001
From: legobt <6wbvkn0j@anonaddy.me>
Date: Tue, 2 May 2023 22:59:55 +0000
Subject: [PATCH 2/2] key-controller: validate sender address before attempting signature
---
 packages/keyring-controller/src/KeyringController.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/packages/keyring-controller/src/KeyringController.ts b/packages/keyring-controller/src/KeyringController.ts
index 8311c151d9..70b3b290f9 100644
--- a/packages/keyring-controller/src/KeyringController.ts
+++ b/packages/keyring-controller/src/KeyringController.ts
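Review bot: The error text built in the first hunk of PATCH 1/2 (`@@ -493,6 +493,11 @@`) interpolates `JSON.stringify(messageParams.from)` with no length bound, so a caller-supplied `from` of arbitrary size is copied whole into the thrown error and into whatever log or UI later renders it; the same `throw` is carried unchanged into the last hunk of PATCH 2/2. Bounding the echoed value keeps the diagnostic useful without that, for example `const shown = String(JSON.stringify(messageParams.from)).slice(0, 64);` and then interpolating `shown`. The `throw` sits inside a `try` whose `catch` is outside the hunk, so the message a caller finally sees may be rewrapped there.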
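Review bot: The `/* istanbul ignore next */` added in the second hunk of PATCH 1/2 (`@@ -751,6 +756,8 @@`) takes the rethrow in this `catch` out of coverage, so the failure path of the QR hardware connection stays untested, and the TODO has no reference that would get it revisited. The change is also unrelated to the commit subject, which is about `normalizeAddress`. Prefer adding the test in which the keyring call rejects, or at least tie the comment to a tracked item, e.g. `// TODO(<issue-id>): add test case for when keyring throws`. The enclosing method starts outside the hunk.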
@@ -6,6 +6,10 @@ import {
 stripHexPrefix,
 getBinarySize,
 } from 'ethereumjs-util';
+import {
+ isValidHexAddress,
+ toChecksumHexAddress,
+} from '@metamask/controller-utils';
 import {
 normalize as normalizeAddress,
 signTypedData,
@@ -28,7 +32,6 @@ import {
 PersonalMessageParams,
 TypedMessageParams,
 } from '@metamask/message-manager';
-import { toChecksumHexAddress } from '@metamask/controller-utils';
 
 /**
 * Available keyring types
@@ -493,7 +496,7 @@ export class KeyringController extends BaseController<
 ) {
 try {
 const address = normalizeAddress(messageParams.from);
- if (!address?.length) {
+ if (!address || !isValidHexAddress(address)) {
 throw new Error(
 `Missing or invalid address ${JSON.stringify(messageParams.from)}`,
 );
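Review bot: The `isValidHexAddress` check in the last hunk (`@@ -493,7 +496,7 @@`) is applied at this one call site only: of the five insertions in the diffstat, four are import lines. Any other signing method in `KeyringController` that passes `normalizeAddress(messageParams.from)` on to a keyring would presumably still accept a malformed sender; that cannot be confirmed from the hunk. Moving the two-part test into one private helper that every signing path calls would make the commit subject true for the whole class. The check also runs on the normalized value, so as far as I can tell it confirms hex format and length but not the checksum casing of the caller's original `from`; a comment such as `// validates address format only; checksum casing of the input is not verified` would state that limit. The enclosing method starts and ends outside the hunk.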