Skip to content
Permalink
Browse files
Fix VULN-1845
  • Loading branch information
@keepkeyjon
keepkeyjon committed Oct 28, 2018
1 parent c8249b6 commit 2854403d366c26b09a15dcd659cae56b5f201e81
Showing 3 changed files with 42 additions and 2 deletions.
2 deps/crypto/trezor-crypto
Submodule trezor-crypto updated 3 files
+1 −1 cash_addr.c
+1 −1 segwit_addr.c
+2 −2 tests/test_check_cashaddr.h
3 unittests/crypto/CMakeLists.txt
View file
@@ -1,5 +1,6 @@
set(sources
rand.cpp)
rand.cpp
vuln1845.cpp)

include_directories(
${CMAKE_SOURCE_DIR}/include
39 unittests/crypto/vuln1845.cpp
View file
@@ -0,0 +1,39 @@
#include <cstddef>

extern "C" {
#include "trezor/crypto/segwit_addr.h"
#include "trezor/crypto/ecdsa.h"
#include "trezor/crypto/cash_addr.h"
}

#include "gtest/gtest.h"

#include <cinttypes>
#include <string>
#include <vector>


TEST(Vuln1845, Bech32Decode) {
std::string input = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefg";
std::vector<char> hrp(input.size() - 6);
std::vector<uint8_t> data(input.size() - 8);

size_t data_len;
ASSERT_NE(1, bech32_decode(&hrp[0], &data[0], &data_len, input.c_str()));
}

TEST(Vuln1845, CashAddrDecode) {
std::vector<uint8_t> addr_raw(MAX_ADDR_RAW_SIZE);
size_t len;

ASSERT_FALSE(cash_addr_decode(&addr_raw[0], &len, "bitcoincash:",
"\x53\x74\x32\x63\x74\x79\x70\x63\x45\x74\x53\x49\x3a\x4d\x63\x4e"
"\x53\x74\x36\x63\x74\x65\x63\x43\x43\x43\x43\x43\x43\x4a\x43\x43"
"\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43"
"\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43"
"\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43"
"\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43"
"\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43"
"\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x43\x61\x00\x61\x61"
"\x28"));
}

0 comments on commit 2854403

Please sign in to comment.