psbt: return ErrInvalidKeydata if value isn't a 32-bit uint

This commit fixes a panic when deserializing PSBTs in raw binary.
If the key type was SighashType and the value was not 4 bytes long,
the call to binary.LittleEndian.Uint32(value) would panic as the
function expects 4 bytes to parse into a uint32. We now perform a
sanity check that asserts that the value is 4 bytes long.
This commit is contained in:
nsa 2020-04-08 17:54:59 -04:00
parent d08f03552c
commit f06d6af2f0

View file

@ -141,6 +141,12 @@ func (pi *PInput) deserialize(r io.Reader) error {
return ErrInvalidKeydata return ErrInvalidKeydata
} }
// Bounds check on value here since the sighash type must be a
// 32-bit unsigned integer.
if len(value) != 4 {
return ErrInvalidKeydata
}
shtype := txscript.SigHashType( shtype := txscript.SigHashType(
binary.LittleEndian.Uint32(value), binary.LittleEndian.Uint32(value),
) )