From 9fa09b974bd7f1eb93559b0b5d54d79e7eadbf1d Mon Sep 17 00:00:00 2001
From: UdjinM6 <UdjinM6@users.noreply.github.com>
Date: Mon, 8 Apr 2019 08:07:26 +0300
Subject: [PATCH] CBLSWrapper::SetHexStr() should not accept non-hex strings
 (#2843)

* CBLSWrapper::SetHexStr() should not accept non-hex strings

* Rework to implement suggested behaviour
---
 src/bls/bls.h          |  5 +++++
 src/test/bls_tests.cpp | 18 ++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/src/bls/bls.h b/src/bls/bls.h
index 01f730244daa4..b5f411289cb58 100644
--- a/src/bls/bls.h
+++ b/src/bls/bls.h
@@ -155,8 +155,13 @@ class CBLSWrapper
 
     bool SetHexStr(const std::string& str)
     {
+        if (!IsHex(str)) {
+            Reset();
+            return false;
+        }
         auto b = ParseHex(str);
         if (b.size() != SerSize) {
+            Reset();
             return false;
         }
         SetBuf(b);
diff --git a/src/test/bls_tests.cpp b/src/test/bls_tests.cpp
index bcacf340f636a..3f3f3f2aee6f5 100644
--- a/src/test/bls_tests.cpp
+++ b/src/test/bls_tests.cpp
@@ -10,6 +10,24 @@
 
 BOOST_FIXTURE_TEST_SUITE(bls_tests, BasicTestingSetup)
 
+BOOST_AUTO_TEST_CASE(bls_sethexstr_tests)
+{
+    CBLSSecretKey sk;
+    std::string strValidSecret = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f";
+    // Note: invalid string passed to SetHexStr() should cause it to fail and reset key internal data
+    BOOST_CHECK(sk.SetHexStr(strValidSecret));
+    BOOST_CHECK(!sk.SetHexStr("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1g")); // non-hex
+    BOOST_CHECK(!sk.IsValid());
+    BOOST_CHECK(sk == CBLSSecretKey());
+    // Try few more invalid strings
+    BOOST_CHECK(sk.SetHexStr(strValidSecret));
+    BOOST_CHECK(!sk.SetHexStr("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e")); // hex but too short
+    BOOST_CHECK(!sk.IsValid());
+    BOOST_CHECK(sk.SetHexStr(strValidSecret));
+    BOOST_CHECK(!sk.SetHexStr("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20")); // hex but too long
+    BOOST_CHECK(!sk.IsValid());
+}
+
 BOOST_AUTO_TEST_CASE(bls_sig_tests)
 {
     CBLSSecretKey sk1, sk2;