TrueCloudLab/neoneo-go
7
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity

keys: don't panic if signature has invalid size

Browse source
This commit is contained in:
Evgenii Stratonikov 2020-09-29 13:54:15 +03:00
parent 9733a6f394
commit 0a596e1df2
2 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/crypto/keys/publickey.go
View file

@ -333,7 +333,7 @@ func (p *PublicKey) Address() string {
// Verify returns true if the signature is valid and corresponds
// to the hash and public key.
func (p *PublicKey) Verify(signature []byte, hash []byte) bool {
if p.X == nil || p.Y == nil {
if p.X == nil || p.Y == nil || len(signature) != 64 {
return false
}
rBytes := new(big.Int).SetBytes(signature[0:32])

3
pkg/crypto/keys/sign_verify_test.go
View file

@ -52,6 +52,9 @@ func TestPubKeyVerify(t *testing.T) {
expected := true
assert.Equal(t, expected, result)
// Small signature, no panic.
assert.False(t, pubKey.Verify([]byte{1, 2, 3}, hashedData.BytesBE()))
pubKey = &PublicKey{}
assert.False(t, pubKey.Verify(signedData, hashedData.BytesBE()))
})