Skip to content

Commit

Permalink
common: Fix off-by-one in from_bech32_charset
Browse files Browse the repository at this point in the history 
`bech32_charset_rev` is only 128 bytes in size but the `c < 0 || c > 128` check allows for `c` to be equal to 128 which would be out-of-bounds. Fix this off-by-one bug by changing the check to `c >= 128`.
  • Loading branch information
@dergoegge @vincenzopalazzo
dergoegge authored and vincenzopalazzo committed May 18, 2024
1 parent 7040d49 commit 1231667
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions common/bech32_util.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,9 +82,9 @@ bool from_bech32_charset(const tal_t *ctx,
u5data = tal_arr(NULL, u5, datalen);
for (size_t i = 0; i < datalen; i++) {
int c = sep[1+i];
if (c < 0 || c > 128)
goto fail;
c = fixup_char(c, &upper, &lower);
if (c < 0 || c >= 128)
goto fail;
if (bech32_charset_rev[c] == -1)
goto fail;
u5data[i] = bech32_charset_rev[c];
Expand Down

0 comments on commit 1231667

Please sign in to comment.