fuzz: check key validity before serializing

We need to check that the key is valid for two reasons:
  1) towire_ext_key() aborts if the key is invalid
  2) fromwire_ext_key() doesn't check the parsed key for validity

Since bip32_key_get_fingerprint() fails if the key is invalid, we can
call it first to guarantee the key is valid before serializing.
Matt Morehouse 2023-05-16 10:57:15 -05:00 committed by Christian Decker
parent eed73082f5
commit 7d662b6b68


@ -15,6 +15,7 @@ void run(const uint8_t *data, size_t size)
u8 *wire_buff; u8 *wire_buff;
const uint8_t **xkey_chunks, **ver_chunks, *wire_ptr; const uint8_t **xkey_chunks, **ver_chunks, *wire_ptr;
size_t wire_max; size_t wire_max;
u8 fingerprint[BIP32_KEY_FINGERPRINT_LEN];
if (size < BIP32_SERIALIZED_LEN) if (size < BIP32_SERIALIZED_LEN)
return; return;
@ -26,6 +27,14 @@ void run(const uint8_t *data, size_t size)
fromwire_ext_key(&wire_ptr, &wire_max, &xkey); fromwire_ext_key(&wire_ptr, &wire_max, &xkey);
if (wire_ptr) { if (wire_ptr) {
// Check key validity by attempting to get the
// fingerprint, which will fail if the key is invalid.
if (bip32_key_get_fingerprint(&xkey, fingerprint,
sizeof(fingerprint)))
continue;
// Since the key is valid, we should be able to
// serialize it again successfully.
wire_buff = tal_arr(NULL, uint8_t, BIP32_SERIALIZED_LEN); wire_buff = tal_arr(NULL, uint8_t, BIP32_SERIALIZED_LEN);
towire_ext_key(&wire_buff, &xkey); towire_ext_key(&wire_buff, &xkey);
tal_free(wire_buff); tal_free(wire_buff);
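Review bot: The validity check added ahead of the re-serialization tests the return of bip32_key_get_fingerprint() only for truthiness, which leaves the success convention implicit at the one place the harness depends on it; writing it as `if (bip32_key_get_fingerprint(&xkey, fingerprint, sizeof(fingerprint)) != WALLY_OK)` makes the skip condition unambiguous. The `continue` also means that keys fromwire_ext_key() accepts but that are invalid are now dropped silently, so the parse-then-abort path named in the commit description is no longer exercised by this target; a comment such as `// fromwire_ext_key() does not validate the key; skip here rather than hit the abort in towire_ext_key()` would record that this is a harness-side workaround. Whether non-fuzz callers re-serialize a parsed key without a similar check cannot be seen from this page and is worth confirming. The body of run() and the loop the `continue` belongs to start and end outside the hunks.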