Skip to content
This repository was archived by the owner on Oct 19, 2021. It is now read-only.

Commit 97dd8e7

Browse files
author
Hiroki Gondo
committed
Fix a buffer overflow in the C reference decoder
Merged original segwit_addr.c fix > sipa/bech32@2b0aac6 > Fix a buffer overflow in the C reference decoder > > Thanks to Christian Reitter and Dr. Jochen Hoenicke for discovering this issue > and suggesting a fix.
1 parent 8142b9c commit 97dd8e7

File tree

2 files changed

+2
-1
lines changed

2 files changed

+2
-1
lines changed

btc/segwit_addr.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -137,7 +137,7 @@ bool bech32_decode(char* hrp, uint8_t *data, size_t *data_len, const char *input
137137
++(*data_len);
138138
}
139139
hrp_len = input_len - (1 + *data_len);
140-
if (hrp_len < 1 || *data_len < 6) {
140+
if (1 + *data_len >= input_len || *data_len < 6) {
141141
return false;
142142
}
143143
*(data_len) -= 6;

btc/tests/testinc_bech32.cpp

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -136,6 +136,7 @@ static const char* invalid_address[] = {
136136
"BC13W508D6QEJXTDG4Y5R3ZARVARY0C5XW7KN40WF2",
137137
"bc1rw5uspcuh",
138138
"bc10w508d6qejxtdg4y5r3zarvary0c5xw7kw508d6qejxtdg4y5r3zarvary0c5xw7kw5rljs90",
139+
"bca0w508d6qejxtdg4y5r3zarvary0c5xw7kw508d6qejxtdg4y5r3zarvary0c5xw7kw5rljs90234567789035",
139140
"BC1QR508D6QEJXTDG4Y5R3ZARVARYV98GJ9P",
140141
"tb1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3q0sL5k7",
141142
"bc1zw508d6qejxtdg4y5r3zarvaryvqyzf3du",

0 commit comments

Comments
 (0)