Fix a buffer overflow in the C reference decoder
Thanks to Christian Reitter and Dr. Jochen Hoenicke for discovering this issue
and suggesting a fix.
sipa committed Oct 30, 2018
1 parent bfc7167 commit 2b0aac6
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion ref/c/segwit_addr.c
Expand Up @@ -97,7 +97,7 @@ int bech32_decode(char* hrp, uint8_t *data, size_t *data_len, const char *input)
++(*data_len);
}
hrp_len = input_len - (1 + *data_len);
if (hrp_len < 1 || *data_len < 6) {
if (1 + *data_len >= input_len || *data_len < 6) {
return 0;
}
*(data_len) -= 6;
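Review bot: hrp_len is still assigned on the context line above the new check (`hrp_len = input_len - (1 + *data_len);`), and because *data_len is a size_t that subtraction wraps whenever 1 + *data_len exceeds input_len. If hrp_len is unsigned as well (its declaration is outside this hunk), that is the case the old `hrp_len < 1` test could not catch. The wrapped value is not used on the early-return path, but I would move the assignment below the `return 0;` block so hrp_len only ever holds a valid length, and add a one-line comment that the comparison is deliberately written without a subtraction, so nobody later folds it back into a test on hrp_len.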
1 change: 1 addition & 0 deletions ref/c/tests.c
Expand Up @@ -91,6 +91,7 @@ static const char* invalid_address[] = {
"BC13W508D6QEJXTDG4Y5R3ZARVARY0C5XW7KN40WF2",
"bc1rw5uspcuh",
"bc10w508d6qejxtdg4y5r3zarvary0c5xw7kw508d6qejxtdg4y5r3zarvary0c5xw7kw5rljs90",
"bca0w508d6qejxtdg4y5r3zarvary0c5xw7kw508d6qejxtdg4y5r3zarvary0c5xw7kw5rljs90234567789035",
"BC1QR508D6QEJXTDG4Y5R3ZARVARYV98GJ9P",
"tb1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3q0sL5k7",
"bc1zw508d6qejxtdg4y5r3zarvaryvqyzf3du",
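Review bot: the string added to invalid_address carries no comment saying what it exercises; unlike every neighbouring entry it contains no '1' separator at all, and a short comment to that effect would tie it to the decoder fix in this commit. Also, an entry in a list of addresses expected to be rejected checks only that decoding fails, so it cannot by itself show that no out-of-bounds access happened on the way to that result. Running tests.c under a memory sanitizer, or adding a case that calls bech32_decode directly on a separator-less input, would make this a dependable regression test.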