Merge #11081: Add length check for CExtKey deserialization (jonasschnelli, guidovranken)

laanwj · laanwj · commit 9f60b3707d1e · 2017-08-18T11:28:15.000+02:00
07685d1 Add length check for CExtKey deserialization (Jonas Schnelli) Pull request description: Fix a potential overwrite or uninitialised data issue. That code part is currently unused (at least in Bitcoin Core). We already do the same check `CExtPubKey`. Reported by @guidovranken Tree-SHA512: 069ac5335248cf890491bc019537d3b0f7481428a4b240c5cd28ee89b56f4c9f45d947dd626fe89b2fae58472b6dbef57ed909876efe9963e2d72380d17cff12
diff --git a/src/key.h b/src/key.h
@@ -172,6 +172,8 @@ struct CExtKey {
     {
         unsigned int len = ::ReadCompactSize(s);
         unsigned char code[BIP32_EXTKEY_SIZE];
+        if (len != BIP32_EXTKEY_SIZE)
+            throw std::runtime_error("Invalid extended key size\n");
         s.read((char *)&code[0], len);
         Decode(code);
     }

Original file line number	Diff line number	Diff line change
`@@ -172,6 +172,8 @@ struct CExtKey {`
`172`	`172`	`{`
`173`	`173`	`unsigned int len = ::ReadCompactSize(s);`
`174`	`174`	`unsigned char code[BIP32_EXTKEY_SIZE];`
	`175`	`+ if (len != BIP32_EXTKEY_SIZE)`
	`176`	`+ throw std::runtime_error("Invalid extended key size\n");`
`175`	`177`	`s.read((char *)&code[0], len);`
`176`	`178`	`Decode(code);`
`177`	`179`	`}`