psbt finalizer: error early on too short signatures

We would otherwise treat the last byte of the sig for -say- a missing sighash flag, and then treat this invalid sighash as SIGHAH_ALL. It's confusing so better to fail early on signatures that are known to be invalid with today's Bitcoin. Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
rust-bitcoin · Feb 3, 2021 · ab37293 · ab37293
1 parent 42367cf
commit ab37293
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/psbt/finalizer.rs b/src/psbt/finalizer.rs
@@ -252,7 +252,9 @@ pub fn finalize<C: secp256k1::Verification>(
     for (n, input) in psbt.inputs.iter().enumerate() {
         let target = input.sighash_type.unwrap_or(bitcoin::SigHashType::All);
         for (key, rawsig) in &input.partial_sigs {
-            if rawsig.is_empty() {
+            // If it comports a SIGHASH flag, it must at least be 71-bytes long.
+            // If it doesn't, it's invalid. FIXME: it's only valid for ECDSA sigs.
+            if rawsig.len() < 71 {
                 return Err(Error::InputError(
                     InputError::InvalidSignature {
                         pubkey: *key,