From f06d6af2f04c664694e29e3b0cddb31ad83609b7 Mon Sep 17 00:00:00 2001
From: nsa <elzeigel@gmail.com>
Date: Wed, 8 Apr 2020 17:54:59 -0400
Subject: [PATCH] psbt: return ErrInvalidKeydata if value isn't a 32-bit uint

This commit fixes a panic when deserializing PSBTs in raw binary.
If the key type was SighashType and the value was not 4 bytes long,
the call to binary.LittleEndian.Uint32(value) would panic as the
function expects 4 bytes to parse into a uint32. We now perform a
sanity check that asserts that the value is 4 bytes long.
---
 psbt/partial_input.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/psbt/partial_input.go b/psbt/partial_input.go
index 3b4d123..3db042f 100644
--- a/psbt/partial_input.go
+++ b/psbt/partial_input.go
@@ -141,6 +141,12 @@ func (pi *PInput) deserialize(r io.Reader) error {
 				return ErrInvalidKeydata
 			}
 
+			// Bounds check on value here since the sighash type must be a
+			// 32-bit unsigned integer.
+			if len(value) != 4 {
+				return ErrInvalidKeydata
+			}
+
 			shtype := txscript.SigHashType(
 				binary.LittleEndian.Uint32(value),
 			)