From 755d021f8e0e40197da2c0f97e87c8b77c36a853 Mon Sep 17 00:00:00 2001
From: Luke Parker <lukeparker5132@gmail.com>
Date: Sun, 21 Aug 2022 08:58:28 -0400
Subject: [PATCH] Canonicalize read_varint

There is a slight note we only implement u64 varint's, while Monero does
it for arbitrary uints, yet that's not relevant at this time. It is
documented in #25.
---
 coins/monero/src/serialize.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/coins/monero/src/serialize.rs b/coins/monero/src/serialize.rs
index 678ec318..624289fa 100644
--- a/coins/monero/src/serialize.rs
+++ b/coins/monero/src/serialize.rs
@@ -76,8 +76,14 @@ pub fn read_varint<R: io::Read>(r: &mut R) -> io::Result<u64> {
   let mut res = 0;
   while {
     let b = read_byte(r)?;
+    if (bits != 0) && (b == 0) {
+      Err(io::Error::new(io::ErrorKind::Other, "non-canonical varint"))?;
+    }
+    if ((bits + 7) > 64) && (b >= (1 << (64 - bits))) {
+      Err(io::Error::new(io::ErrorKind::Other, "varint overflow"))?;
+    }
+
     res += u64::from(b & (!VARINT_CONTINUATION_MASK)) << bits;
-    // TODO: Error if bits exceed u64
     bits += 7;
     b & VARINT_CONTINUATION_MASK == VARINT_CONTINUATION_MASK
   } {}