From ce58cba9fe4444b52bf688fec46c397e5e065d8e Mon Sep 17 00:00:00 2001
From: Christian Decker
Date: Thu, 21 Mar 2019 19:02:44 +0100
Subject: [PATCH] wally: Making extra sure that pulling a TX results in the correct read offset.
---
 bitcoin/tx.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/bitcoin/tx.c b/bitcoin/tx.c
index 6995e302f..29c87cfdb 100644
--- a/bitcoin/tx.c
+++ b/bitcoin/tx.c
@@ -556,12 +556,15 @@ struct bitcoin_tx *pull_bitcoin_tx(const tal_t *ctx, const u8 **cursor,
 size_t i;
 u64 count;
 u8 flag = 0;
+ const u8 *oldcursor = *cursor;
+ size_t wsize;
 struct bitcoin_tx *tx = tal(ctx, struct bitcoin_tx);
 if (wally_tx_from_bytes(*cursor, *max, 0, &tx->wtx) != WALLY_OK) {
 *cursor = 0;
 return tal_free(tx);
 }
 tal_add_destructor(tx, bitcoin_tx_destroy);
+ wally_tx_get_length(tx->wtx, WALLY_TX_FLAG_USE_WITNESS, &wsize);
 assert(pull_le32(cursor, max) == tx->wtx->version);
 count = pull_length(cursor, max, 32 + 4 + 4 + 1);
@@ -595,6 +598,7 @@ struct bitcoin_tx *pull_bitcoin_tx(const tal_t *ctx, const u8 **cursor,
 }
 assert(pull_le32(cursor, max) == tx->wtx->locktime);
+ assert(!*cursor || oldcursor + wsize == *cursor);
 /* If we ran short, fail. */
 if (!*cursor) tx = tal_free(tx);
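Review bot: The result of `wally_tx_get_length()` is discarded, so if the call fails `wsize` is never written and the offset assertion added in the second hunk reads an uninitialised `size_t`. The call sits right after a `wally_tx_from_bytes()` whose status is checked against `WALLY_OK`; the new call should get the same treatment, for example `if (wally_tx_get_length(tx->wtx, WALLY_TX_FLAG_USE_WITNESS, &wsize) != WALLY_OK) { *cursor = 0; return tal_free(tx); }`. Initialising the local as `size_t wsize = 0;` would at least make a failure deterministic. The body of pull_bitcoin_tx starts and ends outside this hunk.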
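Review bot: The new `assert(!*cursor || oldcursor + wsize == *cursor)` aborts the process whenever the hand-rolled parser and libwally disagree on the transaction length, even though a soft-failure path sits directly below it. If the bytes handed to pull_bitcoin_tx can come from a peer or another untrusted source (not visible in this hunk), any encoding the two parsers size differently becomes a crash rather than a rejected message. Routing the mismatch into the existing branch keeps it recoverable: `if (*cursor && oldcursor + wsize != *cursor) *cursor = NULL;` placed before the `if (!*cursor)` test. The check also vanishes in builds compiled with NDEBUG, as do the neighbouring `assert(pull_le32(...) == ...)` lines, whose `pull_le32` calls advance the cursor as a side effect. The function continues past the end of this hunk.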