Add a bounds check before accessing a user-provided PK string

author Matt Corallo <git@bluematt.me>

Sat, 26 Mar 2022 20:28:57 +0000 (20:28 +0000)

committer Matt Corallo <git@bluematt.me>

Sat, 26 Mar 2022 20:33:47 +0000 (20:33 +0000)
author Matt Corallo <git@bluematt.me>
Sat, 26 Mar 2022 20:28:57 +0000 (20:28 +0000)
committer Matt Corallo <git@bluematt.me>
Sat, 26 Mar 2022 20:33:47 +0000 (20:33 +0000)
diff --git a/src/hex_utils.rs b/src/hex_utils.rs

index 70fe28b13f30d8c5cf13ae3c6257bc3f3ece701c..0eee5af03beaa7938f8fd60a54765a79362d6b6b 100644 (file)
--- a/src/hex_utils.rs
+++ b/src/hex_utils.rs
@@ -31,6 +31,9 @@ pub fn hex_str(value: &[u8]) -> String {
  }
  
  pub fn to_compressed_pubkey(hex: &str) -> Option<PublicKey> {
+       if hex.len() != 33 * 2 {
+               return None;
+       }
         let data = match to_vec(&hex[0..33 * 2]) {
                 Some(bytes) => bytes,
                 None => return None,
author	Matt Corallo <git@bluematt.me>
	Sat, 26 Mar 2022 20:28:57 +0000 (20:28 +0000)
committer	Matt Corallo <git@bluematt.me>
	Sat, 26 Mar 2022 20:33:47 +0000 (20:33 +0000)