add extra validation to prevent invalid public keys being used. (as per issue 39)

2016-02-09 23:27:34 +00:00 · 2016-02-09 23:27:34 +00:00 · 27c9bff17e
commit 27c9bff17e
parent c276998687
1 changed files with 15 additions and 12 deletions
--- a/js/coin.js
+++ b/js/coin.js
@ -278,6 +278,7 @@

 	/* decompress an compressed public key */
 	coinjs.pubkeydecompress = function(pubkey) {
+		if((typeof(pubkey) == 'string') && pubkey.match(/^[a-f0-9]+$/i)){
 			var curve = EllipticCurve.getSECCurveByName("secp256k1");
 			try {
 				var pt = curve.curve.decodePointHex(pubkey);
@ -293,6 +294,8 @@
 				return false;
 			}
 		}
+		return false;
+	}

 	coinjs.testdeterministicK = function() {
 		// https://github.com/bitpay/bitcore/blob/9a5193d8e94b0bd5b8e7f00038e7c0b935405a03/test/crypto/ecdsa.js