authorAndrew Chow <achow101-github@achow101.com>2022-07-25 14:23:58 -0400
committerAndrew Chow <achow101-github@achow101.com>2022-07-25 15:07:56 -0400
commitaa22009887eba6b6afdc530cfbcbe98e8aa34434 (patch)
treede657a172af51fcf63b7e2f6ec506dbcf315d173
parent5057adf22fc4c3593e1e633defeda96be508f198 (diff)
parent4fa79837ad19fada3a3df3fb490617f6ca4606e0 (diff)
Merge bitcoin/bitcoin#25700: psbt: Fix unsigned integer overflow
4fa79837ad19fada3a3df3fb490617f6ca4606e0 psbt: Fix unsigned integer overflow (Aurèle Oulès) Pull request description: Fixes #25692. This change prevents an unsigned integer overflow during the deserialization of a PSBT. ACKs for top commit: achow101: ACK 4fa79837ad19fada3a3df3fb490617f6ca4606e0 Tree-SHA512: 0863d4d31ada1ba50632b6a66cb4c694c0a15680a90cf9370129cf3db15e3c10e65610b779db047d5a4cc7c920708b728948708e4023e916099c6bfe730f01f9
-rw-r--r--src/psbt.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/psbt.h b/src/psbt.h
index c390bb67d3..eef7d7dd3b 100644
--- a/src/psbt.h
+++ b/src/psbt.h
@@ -893,6 +893,9 @@ struct PSBTOutput
s >> leaf_hashes;
size_t after_hashes = s.size();
size_t hashes_len = before_hashes - after_hashes;
+ if (hashes_len > value_len) {
+ throw std::ios_base::failure("Output Taproot BIP32 keypath has an invalid length");
+ }
size_t origin_len = value_len - hashes_len;
m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
break;
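Review bot: The new guard ahead of `size_t origin_len = value_len - hashes_len;` has no comment explaining how `hashes_len` can exceed `value_len`, and the diffstat shows only src/psbt.h changed, so no test pins the rejection. I would put `// s >> leaf_hashes consumes what its own encoding says, independent of value_len; reject before the subtraction wraps` above the check. I would also add a decode test with a constructed PSBT whose output Taproot BIP32 record declares a value length shorter than its leaf-hash vector, asserting the `std::ios_base::failure`. When `hashes_len == value_len` the code still passes an `origin_len` of 0 to `DeserializeKeyOrigin`, which is not visible here, so it is worth confirming that it rejects a zero length. The enclosing case and the `PSBTOutput` unserialize code start and end outside this hunk; if the input-side Taproot BIP32 parsing uses the same subtraction, it should carry the same check.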