
Merge #11081: Add length check for CExtKey deserialization (jonasschnelli, guidovranken)

07685d1 Add length check for CExtKey deserialization (Jonas Schnelli)

Pull request description:

  Fix a potential overwrite or uninitialised data issue.
  That code part is currently unused (at least in Bitcoin Core).
  We already do the same check in `CExtPubKey`.

  Reported by @guidovranken

Tree-SHA512: 069ac5335248cf890491bc019537d3b0f7481428a4b240c5cd28ee89b56f4c9f45d947dd626fe89b2fae58472b6dbef57ed909876efe9963e2d72380d17cff12
0.16
Wladimir J. van der Laan 7 years ago
parent
commit
9f60b3707d
No known key found for this signature in database
GPG Key ID: 1E4AED62986CD25D

src/key.h

@ -172,6 +172,8 @@ struct CExtKey {
{ {
unsigned int len = ::ReadCompactSize(s); unsigned int len = ::ReadCompactSize(s);
unsigned char code[BIP32_EXTKEY_SIZE]; unsigned char code[BIP32_EXTKEY_SIZE];
if (len != BIP32_EXTKEY_SIZE)
throw std::runtime_error("Invalid extended key size\n");
s.read((char *)&code[0], len); s.read((char *)&code[0], len);
Decode(code); Decode(code);
} }
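
Review bot: the string passed to std::runtime_error in the added throw ends with "\n"; exception messages are normally left without a trailing newline so the caller decides how to format them, so I would drop it. The placement of the check is right, since it runs before s.read() copies len bytes into the fixed-size code[BIP32_EXTKEY_SIZE] buffer. Because the description names both an overwrite and an uninitialised-data case, a unit test that feeds one len smaller and one len larger than BIP32_EXTKEY_SIZE and expects the exception would pin down both.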
