projects / ldk-sample / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add a bounds check before accessing a user-provided PK string
[ldk-sample] / src / hex_utils.rs
diff --git a/src/hex_utils.rs b/src/hex_utils.rs
index 70fe28b13f30d8c5cf13ae3c6257bc3f3ece701c..0eee5af03beaa7938f8fd60a54765a79362d6b6b 100644 (file)
--- a/src/hex_utils.rs
+++ b/src/hex_utils.rs
@@ -31,6 +31,9 @@ pub fn hex_str(value: &[u8]) -> String {
 }
 
 pub fn to_compressed_pubkey(hex: &str) -> Option<PublicKey> {
+       if hex.len() != 33 * 2 {
+               return None;
+       }
        let data = match to_vec(&hex[0..33 * 2]) {
                Some(bytes) => bytes,
                None => return None,
Unnamed repository; edit this file 'description' to name the repository.