From b283b0eb925b56839174fb6227149556da2a029e Mon Sep 17 00:00:00 2001
From: Oliver Gugger
Date: Mon, 20 Jul 2020 15:02:03 +0200
Subject: [PATCH] psbt: don't remove non-witness UTXO for segwit v0

As a countermeasure to CVE-2020-14199 new HW wallet firmwares require the full non-witness UTXO to be set even for witness inputs. We therefore shouldn't remove it when signing.
---
 psbt/signer.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/psbt/signer.go b/psbt/signer.go
index 9680c90..5882653 100644
--- psbt/signer.go
+++ psbt/signer.go
@@ -142,8 +142,11 @@ func nonWitnessToWitness(p *Packet, inIndex int) error {
 outIndex := p.UnsignedTx.TxIn[inIndex].PreviousOutPoint.Index
 txout := p.Inputs[inIndex].NonWitnessUtxo.TxOut[outIndex]
 
- // Remove the non-witness first, else sanity check will not pass:
- p.Inputs[inIndex].NonWitnessUtxo = nil
+ // TODO(guggero): For segwit v1, we'll want to remove the NonWitnessUtxo
+ // from the packet. For segwit v0 it is unsafe to only rely on the
+ // witness UTXO. See https://github.com/bitcoin/bitcoin/pull/19215.
+ // p.Inputs[inIndex].NonWitnessUtxo = nil
+
 u := Updater{
 Upsbt: p,
 }
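Review bot: Keeping `NonWitnessUtxo` set contradicts the comment this hunk deletes, which said the sanity check would not pass unless the field was cleared first. The commit touches only `psbt/signer.go`, so please confirm that the check reached through the `Updater` no longer rejects an input carrying both UTXO forms, ideally with a test that signs a segwit v0 input and asserts both fields are still populated. The commented-out assignment `// p.Inputs[inIndex].NonWitnessUtxo = nil` reads as dead code; a prose line such as `// Keep NonWitnessUtxo: signers need the full previous tx to verify the input amount (CVE-2020-14199).` states the intent more directly. In the context lines, `TxOut[outIndex]` is indexed without a visible bounds check and nothing in the hunk ties the non-witness transaction's hash to `PreviousOutPoint.Hash`, so the retained UTXO presumably only helps if that is validated elsewhere. The body of `nonWitnessToWitness` starts and ends outside the hunk.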