util: Don't allow base58-decoding of std::string:s containing non-base58 characters

practicalswift · practicalswift · commit d945c6f5e6f6 · 2019-12-12T11:01:56.000Z
diff --git a/src/base58.cpp b/src/base58.cpp
@@ -7,6 +7,7 @@
 #include <hash.h>
 #include <uint256.h>
 #include <util/strencodings.h>
+#include <util/string.h>
 
 #include <assert.h>
 #include <string.h>
@@ -130,6 +131,9 @@ std::string EncodeBase58(const std::vector<unsigned char>& vch)
 
 bool DecodeBase58(const std::string& str, std::vector<unsigned char>& vchRet, int max_ret_len)
 {
+    if (!ValidAsCString(str)) {
+        return false;
+    }
     return DecodeBase58(str.c_str(), vchRet, max_ret_len);
 }
 
@@ -161,5 +165,8 @@ bool DecodeBase58Check(const char* psz, std::vector<unsigned char>& vchRet, int
 
 bool DecodeBase58Check(const std::string& str, std::vector<unsigned char>& vchRet, int max_ret)
 {
+    if (!ValidAsCString(str)) {
+        return false;
+    }
     return DecodeBase58Check(str.c_str(), vchRet, max_ret);
 }
diff --git a/src/util/strencodings.cpp b/src/util/strencodings.cpp
@@ -4,6 +4,7 @@
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <util/strencodings.h>
+#include <util/string.h>
 
 #include <tinyformat.h>
 
@@ -269,7 +270,7 @@ NODISCARD static bool ParsePrechecks(const std::string& str)
         return false;
     if (str.size() >= 1 && (IsSpace(str[0]) || IsSpace(str[str.size()-1]))) // No padding allowed
         return false;
-    if (str.size() != strlen(str.c_str())) // No embedded NUL characters allowed
+    if (!ValidAsCString(str)) // No embedded NUL characters allowed
         return false;
     return true;
 }
diff --git a/src/util/string.h b/src/util/string.h
@@ -5,6 +5,9 @@
 #ifndef BITCOIN_UTIL_STRING_H
 #define BITCOIN_UTIL_STRING_H
 
+#include <attributes.h>
+
+#include <cstring>
 #include <string>
 #include <vector>
 
@@ -31,4 +34,12 @@ inline std::string Join(const std::vector<std::string>& list, const std::string&
     return Join(list, separator, [](const std::string& i) { return i; });
 }
 
+/**
+ * Check if a string does not contain any embedded NUL (\0) characters
+ */
+NODISCARD inline bool ValidAsCString(const std::string& str) noexcept
+{
+    return str.size() == strlen(str.c_str());
+}
+
 #endif // BITCOIN_UTIL_STRENCODINGS_H

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@`
`7`	`7`	`#include <hash.h>`
`8`	`8`	`#include <uint256.h>`
`9`	`9`	`#include <util/strencodings.h>`
	`10`	`+#include <util/string.h>`
`10`	`11`
`11`	`12`	`#include <assert.h>`
`12`	`13`	`#include <string.h>`
`@@ -130,6 +131,9 @@ std::string EncodeBase58(const std::vector<unsigned char>& vch)`
`130`	`131`
`131`	`132`	`bool DecodeBase58(const std::string& str, std::vector<unsigned char>& vchRet, int max_ret_len)`
`132`	`133`	`{`
	`134`	`+ if (!ValidAsCString(str)) {`
	`135`	`+ return false;`
	`136`	`+ }`
`133`	`137`	`return DecodeBase58(str.c_str(), vchRet, max_ret_len);`
`134`	`138`	`}`
`135`	`139`
`@@ -161,5 +165,8 @@ bool DecodeBase58Check(const char* psz, std::vector<unsigned char>& vchRet, int`
`161`	`165`
`162`	`166`	`bool DecodeBase58Check(const std::string& str, std::vector<unsigned char>& vchRet, int max_ret)`
`163`	`167`	`{`
	`168`	`+ if (!ValidAsCString(str)) {`
	`169`	`+ return false;`
	`170`	`+ }`
`164`	`171`	`return DecodeBase58Check(str.c_str(), vchRet, max_ret);`
`165`	`172`	`}`