tyiu/damus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix stack corruption in bech32 parsing

Browse Source 
This commit fixes a stack corruption issue caused by
an off-by-one error in one of the functions responsible
for parsing bech32 entities.

Changelog-None
Signed-off-by: Daniel D’Aquino <daniel@daquino.me>
This commit is contained in:
Daniel D’Aquino
2025-07-25 15:02:41 -07:00
parent bdd10cccaa
commit 5b6534fd56
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
nostrdb/src/bolt11/bech32.c
View File

@@ -104,7 +104,9 @@ bech32_encoding bech32_decode_len(char* hrp, uint8_t *data, size_t *data_len, co
++(*data_len); ++(*data_len);
} }
hrp_len = input_len - (1 + *data_len); hrp_len = input_len - (1 + *data_len);
if (hrp_len > max_hrp_len) // Maximum amount of text content is buffer length - 1 byte, to account for the null-terminator
int max_hrp_content_len = max_hrp_len - 1;
if (hrp_len > max_hrp_content_len)
return BECH32_ENCODING_NONE; return BECH32_ENCODING_NONE;
if (1 + *data_len >= input_len || *data_len < 6) { if (1 + *data_len >= input_len || *data_len < 6) {
return BECH32_ENCODING_NONE; return BECH32_ENCODING_NONE;

2
nostrdb/src/nostr_bech32.c
View File

@@ -307,7 +307,7 @@ int parse_nostr_bech32(unsigned char *buf, int buflen,
unsigned char *start; unsigned char *start;
size_t parsed_len, u5_out_len, u8_out_len; size_t parsed_len, u5_out_len, u8_out_len;
enum nostr_bech32_type type; enum nostr_bech32_type type;
#define MAX_PREFIX 8 #define MAX_PREFIX 9 // 8 bytes for the text, 1 byte for the null terminator
struct cursor cur, bech32, u8; struct cursor cur, bech32, u8;
make_cursor(buf, buf + buflen, &cur); make_cursor(buf, buf + buflen, &cur);