fix buffer overrun issue (#470) where initialization with random bytes ignored the passed length and used a fixed length of 32 bytes. This results in only the first 32 bytes of larger objects being initialized, and overruns beyond the end for smaller objects.

Author: mloit

Sources/web3swift/Convenience/Data+Extension.swift

@@ -65,7 +65,7 @@ public extension Data {
             let result = data.withUnsafeMutableBytes { (body: UnsafeMutableRawBufferPointer) -> Int32? in
                 if let bodyAddress = body.baseAddress, body.count > 0 {
                     let pointer = bodyAddress.assumingMemoryBound(to: UInt8.self)
-                    return SecRandomCopyBytes(kSecRandomDefault, 32, pointer)
+                    return SecRandomCopyBytes(kSecRandomDefault, length, pointer)
                 } else {
                     return nil
                 }

Sources/web3swift/Convenience/SECP256k1.swift

@@ -343,7 +343,7 @@ extension SECP256K1 {
             let result = data.withUnsafeMutableBytes { (mutableRBBytes) -> Int32? in
                 if let mutableRBytes = mutableRBBytes.baseAddress, mutableRBBytes.count > 0 {
                     let mutableBytes = mutableRBytes.assumingMemoryBound(to: UInt8.self)
-                    return SecRandomCopyBytes(kSecRandomDefault, 32, mutableBytes)
+                    return SecRandomCopyBytes(kSecRandomDefault, length, mutableBytes)
                 } else {
                     return nil
                 }

Sources/web3swift/KeystoreManager/EthereumKeystoreV3.swift

@@ -96,7 +96,7 @@ public class EthereumKeystoreV3: AbstractKeystore {
         if (keyData == nil) {
             throw AbstractKeystoreError.encryptionError("Encryption without key data")
         }
-        let saltLen = 32;
+        let saltLen = 32
         guard let saltData = Data.randomBytes(length: saltLen) else {
             throw AbstractKeystoreError.noEntropyError
         }