Merge #11081: Add length check for CExtKey deserialization (jonasschnelli, guidovranken)

07685d1 Add length check for CExtKey deserialization (Jonas Schnelli) Pull request description: Fix a potential overwrite or uninitialised data issue. That code part is currently unused (at least in Bitcoin Core). We already do the same check `CExtPubKey`. Reported by @guidovranken Tree-SHA512: 069ac5335248cf890491bc019537d3b0f7481428a4b240c5cd28ee89b56f4c9f45d947dd626fe89b2fae58472b6dbef57ed909876efe9963e2d72380d17cff12
author: Wladimir J. van der Laan <laanwj@gmail.com> 2017-08-18 11:27:56 +0200
committer: Wladimir J. van der Laan <laanwj@gmail.com> 2017-08-18 11:28:15 +0200
commit: 9f60b3707d1ecf96b6340b2093b8a8fabcd77e74 (patch)
tree: b772bff2a4a25fb00d1affaebd77574b0d2cc2d3 /src
parent: c58128f189929e8efbf98456df3451e448aaa603 (diff)
parent: 07685d1bc1b0b815c00a68a5b7b335ffa0d4d90d (diff)
download: bitcoin-9f60b3707d1ecf96b6340b2093b8a8fabcd77e74.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/src/key.h b/src/key.h
index 2c6f151727..151e63531b 100644
--- a/src/key.h
+++ b/src/key.h
@@ -172,6 +172,8 @@ struct CExtKey {
     {
         unsigned int len = ::ReadCompactSize(s);
         unsigned char code[BIP32_EXTKEY_SIZE];
+        if (len != BIP32_EXTKEY_SIZE)
+            throw std::runtime_error("Invalid extended key size\n");
         s.read((char *)&code[0], len);
         Decode(code);
     }
author	Wladimir J. van der Laan <laanwj@gmail.com>	2017-08-18 11:27:56 +0200
committer	Wladimir J. van der Laan <laanwj@gmail.com>	2017-08-18 11:28:15 +0200
commit	9f60b3707d1ecf96b6340b2093b8a8fabcd77e74 (patch)
tree	b772bff2a4a25fb00d1affaebd77574b0d2cc2d3 /src
parent	c58128f189929e8efbf98456df3451e448aaa603 (diff)
parent	07685d1bc1b0b815c00a68a5b7b335ffa0d4d90d (diff)
download	bitcoin-9f60b3707d1ecf96b6340b2093b8a8fabcd77e74.tar.xz