Fix VULN-1845

keepkeyjon · keepkeyjon · commit 2854403d366c · 2018-10-28T14:27:33.000-06:00
diff --git a/deps/crypto/trezor-crypto b/deps/crypto/trezor-crypto
@@ -1 +1 @@
-Subproject commit 83c56d73fd81fd39ed5d259751dace6dba28f3b1
+Subproject commit 3186b192ffa99082802c44ac8893bdee5d2ed6ed
diff --git a/unittests/crypto/CMakeLists.txt b/unittests/crypto/CMakeLists.txt
@@ -1,5 +1,6 @@
 set(sources
-    rand.cpp)
+    rand.cpp
+    vuln1845.cpp)
 
 include_directories(
     ${CMAKE_SOURCE_DIR}/include
diff --git a/unittests/crypto/vuln1845.cpp b/unittests/crypto/vuln1845.cpp
@@ -0,0 +1,39 @@
+#include <cstddef>
+
+extern "C" {
+#include "trezor/crypto/segwit_addr.h"
+#include "trezor/crypto/ecdsa.h"
+#include "trezor/crypto/cash_addr.h"
+}
+
+#include "gtest/gtest.h"
+
+#include <cinttypes>
+#include <string>
+#include <vector>
+
+
+TEST(Vuln1845, Bech32Decode) {
+    std::string input = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefg";
+    std::vector<char> hrp(input.size() - 6);
+    std::vector<uint8_t> data(input.size() - 8);
+
+    size_t data_len;
+    ASSERT_NE(1, bech32_decode(&hrp[0], &data[0], &data_len, input.c_str()));
+}
+
+TEST(Vuln1845, CashAddrDecode) {
+    std::vector<uint8_t> addr_raw(MAX_ADDR_RAW_SIZE);
+    size_t len;
+
+    ASSERT_FALSE(cash_addr_decode(&addr_raw[0], &len, "bitcoincash:",
+                                  "\x53\x74\x32\x63\x74\x79\x70\x63\x45\x74\x53\x49\x3a\x4d\x63\x4e"
+                                  "\x53\x74\x36\x63\x74\x65\x63\x43\x43\x43\x43\x43\x43\x4a\x43\x43"
+                                  "\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43"
+                                  "\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43"
+                                  "\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43"
+                                  "\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43"
+                                  "\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43"
+                                  "\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x61\x00\x61\x61"
+                                  "\x28"));
+}
