Skip to content

Commit 8254e99

Browse files
sipasipa
committed
Additional sanity checks in SignPSBTInput
1 parent c05712c commit 8254e99

File tree

2 files changed

+17
-1
lines changed

2 files changed

+17
-1
lines changed

src/script/sign.cpp

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -244,17 +244,33 @@ bool SignPSBTInput(const SigningProvider& provider, const CMutableTransaction& t
244244
input.FillSignatureData(sigdata);
245245

246246
// Get UTXO
247+
bool require_witness_sig = false;
247248
CTxOut utxo;
248249
if (input.non_witness_utxo) {
250+
// If we're taking our information from a non-witness UTXO, verify that it matches the prevout.
251+
if (input.non_witness_utxo->GetHash() != tx.vin[index].prevout.hash) return false;
252+
// If both witness and non-witness UTXO are provided, verify that they match. This check shouldn't
253+
// matter, as the PSBT deserializer enforces only one of both is provided, and the only way both
254+
// can be present is when they're added simultaneously by FillPSBT (in which case they always match).
255+
// Still, check in order to not rely on callers to enforce this.
256+
if (!input.witness_utxo.IsNull() && input.non_witness_utxo->vout[tx.vin[index].prevout.n] != input.witness_utxo) return false;
249257
utxo = input.non_witness_utxo->vout[tx.vin[index].prevout.n];
250258
} else if (!input.witness_utxo.IsNull()) {
251259
utxo = input.witness_utxo;
260+
// When we're taking our information from a witness UTXO, we can't verify it is actually data from
261+
// the output being spent. This is safe in case a witness signature is produced (which includes this
262+
// information directly in the hash), but not for non-witness signatures. Remember that we require
263+
// a witness signature in this situation.
264+
require_witness_sig = true;
252265
} else {
253266
return false;
254267
}
255268

256269
MutableTransactionSignatureCreator creator(&tx, index, utxo.nValue, sighash);
270+
sigdata.witness = false;
257271
bool sig_complete = ProduceSignature(provider, creator, utxo.scriptPubKey, sigdata);
272+
// Verify that a witness signature was produced in case one was required.
273+
if (require_witness_sig && !sigdata.witness) return false;
258274
input.FromSignatureData(sigdata);
259275
return sig_complete;
260276
}

src/script/sign.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -678,7 +678,7 @@ bool ProduceSignature(const SigningProvider& provider, const BaseSignatureCreato
678678
bool SignSignature(const SigningProvider &provider, const CScript& fromPubKey, CMutableTransaction& txTo, unsigned int nIn, const CAmount& amount, int nHashType);
679679
bool SignSignature(const SigningProvider &provider, const CTransaction& txFrom, CMutableTransaction& txTo, unsigned int nIn, int nHashType);
680680

681-
/** Signs a PSBTInput */
681+
/** Signs a PSBTInput, verifying that all provided data matches what is being signed. */
682682
bool SignPSBTInput(const SigningProvider& provider, const CMutableTransaction& tx, PSBTInput& input, SignatureData& sigdata, int index, int sighash = 1);
683683

684684
/** Extract signature data from a transaction input, and insert it. */

0 commit comments

Comments
 (0)