Skip to content
This repository has been archived by the owner before Nov 9, 2022. It is now read-only.
Permalink
Browse files
Fix a buffer overflow in the C reference decoder 
Merged original segwit_addr.c fix
> sipa/bech32@2b0aac6
> Fix a buffer overflow in the C reference decoder
>
> Thanks to Christian Reitter and Dr. Jochen Hoenicke for discovering this issue
> and suggesting a fix.
  • Loading branch information
@nayuta-gondo
nayuta-gondo committed Oct 31, 2018
1 parent 8142b9c commit 97dd8e79057563cf36278045ce235332f668dd8e
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
2 btc/segwit_addr.c
View file
@@ -137,7 +137,7 @@ bool bech32_decode(char* hrp, uint8_t *data, size_t *data_len, const char *input
++(*data_len);
}
hrp_len = input_len - (1 + *data_len);
if (hrp_len < 1 || *data_len < 6) {
if (1 + *data_len >= input_len || *data_len < 6) {
return false;
}
*(data_len) -= 6;
1 btc/tests/testinc_bech32.cpp
View file
@@ -136,6 +136,7 @@ static const char* invalid_address[] = {
"BC13W508D6QEJXTDG4Y5R3ZARVARY0C5XW7KN40WF2",
"bc1rw5uspcuh",
"bc10w508d6qejxtdg4y5r3zarvary0c5xw7kw508d6qejxtdg4y5r3zarvary0c5xw7kw5rljs90",
"bca0w508d6qejxtdg4y5r3zarvary0c5xw7kw508d6qejxtdg4y5r3zarvary0c5xw7kw5rljs90234567789035",
"BC1QR508D6QEJXTDG4Y5R3ZARVARYV98GJ9P",
"tb1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3q0sL5k7",
"bc1zw508d6qejxtdg4y5r3zarvaryvqyzf3du",

0 comments on commit 97dd8e7

Please sign in to comment.