From 677b9b681f5e2819fe34599beb0947adc22afabd Mon Sep 17 00:00:00 2001
From: Luke Parker
Date: Mon, 10 Jul 2023 14:43:46 -0400
Subject: [PATCH] 3.9/3.10. 3.9: Remove cast which fails on a several GB malicious TX 3.10 has its impossibility documented. A malicious RPC cananot effect this code.
---
 coins/bitcoin/src/wallet/mod.rs | 7 ++++++-
 coins/bitcoin/src/wallet/send.rs | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/coins/bitcoin/src/wallet/mod.rs b/coins/bitcoin/src/wallet/mod.rs
index 46ffff96..3997730e 100644
--- a/coins/bitcoin/src/wallet/mod.rs
+++ b/coins/bitcoin/src/wallet/mod.rs
@@ -137,11 +137,16 @@ impl Scanner {
 pub fn scan_transaction(&self, tx: &Transaction) -> Vec {
 let mut res = vec![];
 for (vout, output) in tx.output.iter().enumerate() {
+ // If the vout index exceeds 2**32, stop scanning outputs
+ let Ok(vout) = u32::try_from(vout) else {
+ break
+ };
+
 if let Some(offset) = self.scripts.get(&output.script_pubkey) {
 res.push(ReceivedOutput {
 offset: *offset,
 output: output.clone(),
- outpoint: OutPoint::new(tx.txid(), u32::try_from(vout).unwrap()),
+ outpoint: OutPoint::new(tx.txid(), vout),
 });
 }
 }
diff --git a/coins/bitcoin/src/wallet/send.rs b/coins/bitcoin/src/wallet/send.rs
index a176c2fc..7e245407 100644
--- a/coins/bitcoin/src/wallet/send.rs
+++ b/coins/bitcoin/src/wallet/send.rs
@@ -221,6 +221,8 @@ impl SignableTransaction {
 let mut sigs = vec![];
 for i in 0 .. tx.input.len() {
 let mut transcript = transcript.clone();
+ // This unwrap is safe since any transaction with this many inputs violates the maximum
+ // size allowed under standards, which this lib will error on creation of
 transcript.append_message(b"signing_input", u32::try_from(i).unwrap().to_le_bytes());
 let offset = keys.clone().offset(self.offsets[i]);
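Review bot: In `scan_transaction` (coins/bitcoin/src/wallet/mod.rs), the comment on the new guard is off by one, and the `break` makes the scanner return a partial list with no signal to the caller. `u32::try_from(vout)` already fails at index 2**32, as soon as the index no longer fits in a `u32`, so the comment would be more accurate as `// OutPoint's vout is a u32; once the index no longer fits, stop scanning outputs`. The function's doc comment should also state that outputs past `u32::MAX` are never reported, so callers treating the result as complete know the limit. The function body continues past the end of the hunk.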
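Review bot: In coins/bitcoin/src/wallet/send.rs, the `u32::try_from(i).unwrap()` that the new comment defends will still panic in the signing path if the size limit is ever not enforced, and that enforcement is not visible in this hunk. Stating the invariant in the call makes a violation diagnosable: `u32::try_from(i).expect("input count exceeds u32::MAX; transaction creation should have rejected this")`. The comment also ends ambiguously ("error on creation of"); naming the constructor or check that rejects oversized transactions would let a reader verify the claim. The enclosing function starts and ends outside the hunk.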