From 147435bfe69b5ebf0af451795db84b5a25d8b383 Mon Sep 17 00:00:00 2001
From: Matt Corallo <git@bluematt.me>
Date: Sat, 26 Mar 2022 20:28:57 +0000
Subject: [PATCH] Add a bounds check before accessing a user-provided PK string

Fixes #53.
---
 src/hex_utils.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/hex_utils.rs b/src/hex_utils.rs
index 70fe28b..0eee5af 100644
--- a/src/hex_utils.rs
+++ b/src/hex_utils.rs
@@ -31,6 +31,9 @@ pub fn hex_str(value: &[u8]) -> String {
 }
 
 pub fn to_compressed_pubkey(hex: &str) -> Option<PublicKey> {
+	if hex.len() != 33 * 2 {
+		return None;
+	}
 	let data = match to_vec(&hex[0..33 * 2]) {
 		Some(bytes) => bytes,
 		None => return None,
-- 
2.30.2