LBRYCommunity/lbrycrd
1
0
Fork 0
Code Issues 29 Pull requests 1 Projects Releases 32 Packages Wiki Activity

Merge #11081: Add length check for CExtKey deserialization (jonasschnelli, guidovranken)

Browse source 
07685d1 Add length check for CExtKey deserialization (Jonas Schnelli)

Pull request description:

  Fix a potential overwrite or uninitialised data issue.
  That code part is currently unused (at least in Bitcoin Core).
  We already do the same check `CExtPubKey`.

  Reported by @guidovranken

Tree-SHA512: 069ac5335248cf890491bc019537d3b0f7481428a4b240c5cd28ee89b56f4c9f45d947dd626fe89b2fae58472b6dbef57ed909876efe9963e2d72380d17cff12
This commit is contained in:
Wladimir J. van der Laan 2017-08-18 11:27:56 +02:00
commit 9f60b3707d
No known key found for this signature in database
GPG key ID: 1E4AED62986CD25D
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/key.h
View file

@ -172,6 +172,8 @@ struct CExtKey {
{
unsigned int len = ::ReadCompactSize(s);
unsigned char code[BIP32_EXTKEY_SIZE];
if (len != BIP32_EXTKEY_SIZE)
throw std::runtime_error("Invalid extended key size\n");
s.read((char *)&code[0], len);
Decode(code);
}