From deaa6dd144f5650b385658a0c4f9a014aff8dde2 Mon Sep 17 00:00:00 2001
From: Andrew Chow
Date: Tue, 15 Oct 2019 17:26:46 -0400
Subject: psbt: check output index is within bounds before accessing
---
 src/node/psbt.cpp | 4 ++++
 1 file changed, 4 insertions(+) (limited to 'src/node')
diff --git a/src/node/psbt.cpp b/src/node/psbt.cpp
index 69fb1a28a9..ff7a38e40d 100644
--- a/src/node/psbt.cpp
+++ b/src/node/psbt.cpp
@@ -39,6 +39,10 @@ PSBTAnalysis AnalyzePSBT(PartiallySignedTransaction psbtx)
 in_amt += utxo.nValue;
 input_analysis.has_utxo = true;
 } else {
+ if (input.non_witness_utxo && psbtx.tx->vin[i].prevout.n >= input.non_witness_utxo->vout.size()) {
+ result.SetInvalid(strprintf("PSBT is not valid. Input %u specifies invalid prevout", i));
+ return result;
+ }
 input_analysis.has_utxo = false;
 input_analysis.is_final = false;
 input_analysis.next = PSBTRole::UPDATER;
-- cgit v1.2.3
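Review bot: The added bounds check sits inside the `else` branch, so it runs only after the UTXO lookup that fills `utxo` has already reported failure; that lookup's condition is above the hunk, and whether it guards `prevout.n` itself before indexing `vout` cannot be confirmed from here. Since a PSBT is externally supplied data, it is worth verifying that the lookup cannot read out of range before this branch is reached. The check also compares only the index: if the txid of `non_witness_utxo` is not matched against `psbtx.tx->vin[i].prevout.hash` elsewhere, the bound is taken from a transaction that may not be the one the input spends. A short comment would make the intent clear, e.g. `// non_witness_utxo is present but prevout.n is out of range for it: malformed PSBT, not a missing UTXO`. AnalyzePSBT's body starts and ends outside the hunk.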