Merge pull request #163 from Crypt-iQ/psbt_fixes_0409

psbt: fix two deserialization bugs
2020-04-10 17:06:09 -07:00 · 2020-04-10 17:06:09 -07:00 · b2bf7f89d6
commit b2bf7f89d6
parent 8bf941f570 f06d6af2f0
3 changed files with 15 additions and 0 deletions
--- a/psbt/partial_input.go
+++ b/psbt/partial_input.go
@ -141,6 +141,12 @@ func (pi *PInput) deserialize(r io.Reader) error {
 				return ErrInvalidKeydata
 			}

+			// Bounds check on value here since the sighash type must be a
+			// 32-bit unsigned integer.
+			if len(value) != 4 {
+				return ErrInvalidKeydata
+			}
+
 			shtype := txscript.SigHashType(
 				binary.LittleEndian.Uint32(value),
 			)
--- a/psbt/psbt.go
+++ b/psbt/psbt.go
@ -33,6 +33,10 @@ var (
 //less than 4M.
 const MaxPsbtValueLength = 4000000

+// MaxPsbtKeyLength is the length of the largest key that we'll successfully
+// deserialize from the wire. Anything more will return ErrInvalidKeydata.
+const MaxPsbtKeyLength = 10000
+
 var (

 	// ErrInvalidPsbtFormat is a generic error for any situation in which a
--- a/psbt/utils.go
+++ b/psbt/utils.go
@ -237,6 +237,11 @@ func getKey(r io.Reader) (int, []byte, error) {
 		return -1, nil, nil
 	}

+	// Check that we don't attempt to decode a dangerously large key.
+	if count > MaxPsbtKeyLength {
+		return -1, nil, ErrInvalidKeydata
+	}
+
 	// Next, we ready out the designated number of bytes, which may include
 	// a type, key, and optional data.
 	keyTypeAndData := make([]byte, count)