partially revert afc2e8100a
Turns out that there are some signatures in the bitcoin blockchain that have trailing 0s, for example 12a1b29fd6c295075b6a66f5fd90f0126ceb1fda4f15e4b44d92518bd52a5cdf has a signature length of 0x45 where there are 0x47 bytes following that length check (one is hashtype and is supposed to be trimmed out prior to calling the function). We relax the paranoid length check to permit traling data, but not to permit buffers that are too short. Change the test to passing with a big comment stating why this is now considered a valid case.
This commit is contained in:
Owain G. Ainsworth
parent
031437decf
commit
ba51aa8934
2 changed files with 8 additions and 2 deletions
|
|
@ -43,7 +43,7 @@ func ParseSignature(sigStr []byte, curve elliptic.Curve) (*Signature, error) {
|
|||
// length of remaining message
|
||||
siglen := sigStr[index]
|
||||
index++
|
||||
if int(siglen+2) != len(sigStr) {
|
||||
if int(siglen+2) > len(sigStr) {
|
||||
return nil, errors.New("malformed signature: bad length")
|
||||
}
|
||||
// trim the slice we're working on so we only look at what matters.
|
||||
|
|
|
|||
|
|
@ -151,7 +151,13 @@ var signatureTests = []signatureTest{
|
|||
0x9d, 0x83, 0x1c, 0xc5, 0x6c, 0xbb, 0xac, 0x46, 0x22,
|
||||
0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09, 0x01,
|
||||
},
|
||||
isValid: false,
|
||||
|
||||
// This test is now passing (used to be failing) because there
|
||||
// are signatures in the blockchain that have trailing zero
|
||||
// bytes before the hashtype. So ParseSignature was fixed to
|
||||
// permit buffers with trailing nonsense after the actual
|
||||
// signature.
|
||||
isValid: true,
|
||||
},
|
||||
signatureTest{
|
||||
name: "X == N ",
|
||||
|
|
|
|||
Loading…
Reference in a new issue