Core/grin
0
0
Fork 0
mirror of https://github.com/mimblewimble/grin.git synced 2025-01-20 19:11:08 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Safety: check length during deserialization (#3551)

Browse source
This commit is contained in:
jaspervdm 2021-02-02 15:56:00 +01:00 committed by GitHub
parent 4877f30e2c
commit 61982efdd9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
core/src/libtx/secp_ser.rs
View file

@ -83,6 +83,9 @@ pub mod option_sig_serde {
Some(string) => from_hex(&string) Some(string) => from_hex(&string)
.map_err(Error::custom) .map_err(Error::custom)
.and_then(|bytes: Vec<u8>| { .and_then(|bytes: Vec<u8>| {
if bytes.len() < 64 {
return Err(Error::invalid_length(bytes.len(), &"64 bytes"));
}
let mut b = [0u8; 64]; let mut b = [0u8; 64];
b.copy_from_slice(&bytes[0..64]); b.copy_from_slice(&bytes[0..64]);
secp::Signature::from_compact(&static_secp, &b) secp::Signature::from_compact(&static_secp, &b)
@ -125,6 +128,9 @@ pub mod option_seckey_serde {
Some(string) => from_hex(&string) Some(string) => from_hex(&string)
.map_err(Error::custom) .map_err(Error::custom)
.and_then(|bytes: Vec<u8>| { .and_then(|bytes: Vec<u8>| {
if bytes.len() < 32 {
return Err(Error::invalid_length(bytes.len(), &"32 bytes"));
}
let mut b = [0u8; 32]; let mut b = [0u8; 32];
b.copy_from_slice(&bytes[0..32]); b.copy_from_slice(&bytes[0..32]);
secp::key::SecretKey::from_slice(&static_secp, &b) secp::key::SecretKey::from_slice(&static_secp, &b)
@ -162,6 +168,9 @@ pub mod sig_serde {
String::deserialize(deserializer) String::deserialize(deserializer)
.and_then(|string| from_hex(&string).map_err(Error::custom)) .and_then(|string| from_hex(&string).map_err(Error::custom))
.and_then(|bytes: Vec<u8>| { .and_then(|bytes: Vec<u8>| {
if bytes.len() < 64 {
return Err(Error::invalid_length(bytes.len(), &"64 bytes"));
}
let mut b = [0u8; 64]; let mut b = [0u8; 64];
b.copy_from_slice(&bytes[0..64]); b.copy_from_slice(&bytes[0..64]);
secp::Signature::from_compact(&static_secp, &b).map_err(Error::custom) secp::Signature::from_compact(&static_secp, &b).map_err(Error::custom)