From ddb8e4fdf2e366ccbe81cc2a4607ed9427f4285b Mon Sep 17 00:00:00 2001 From: Elichai Turkel Date: Thu, 8 Aug 2019 16:01:08 -0400 Subject: [PATCH] Explicit checks for empty slices --- src/key.rs | 2 ++ src/lib.rs | 4 ++++ src/recovery/mod.rs | 2 ++ 3 files changed, 8 insertions(+) diff --git a/src/key.rs b/src/key.rs index 25c898b..2e64df0 100644 --- a/src/key.rs +++ b/src/key.rs @@ -232,6 +232,8 @@ impl PublicKey { /// Creates a public key directly from a slice #[inline] pub fn from_slice(data: &[u8]) -> Result { + if data.is_empty() {return Err(Error::InvalidPublicKey);} + let mut pk = ffi::PublicKey::new(); unsafe { if ffi::secp256k1_ec_pubkey_parse( diff --git a/src/lib.rs b/src/lib.rs index 165a2d5..0863ded 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -247,6 +247,8 @@ impl Signature { #[inline] /// Converts a DER-encoded byte slice to a signature pub fn from_der(data: &[u8]) -> Result { + if data.is_empty() {return Err(Error::InvalidSignature);} + let mut ret = ffi::Signature::new(); unsafe { @@ -290,6 +292,8 @@ impl Signature { /// 2016. It should never be used in new applications. This library does not /// support serializing to this "format" pub fn from_der_lax(data: &[u8]) -> Result { + if data.is_empty() {return Err(Error::InvalidSignature);} + unsafe { let mut ret = ffi::Signature::new(); if ffi::ecdsa_signature_parse_der_lax( diff --git a/src/recovery/mod.rs b/src/recovery/mod.rs index d0d92e3..1cad4e6 100644 --- a/src/recovery/mod.rs +++ b/src/recovery/mod.rs @@ -58,6 +58,8 @@ impl RecoverableSignature { /// representation is nonstandard and defined by the libsecp256k1 /// library. pub fn from_compact(data: &[u8], recid: RecoveryId) -> Result { + if data.is_empty() {return Err(Error::InvalidSignature);} + let mut ret = ffi::RecoverableSignature::new(); unsafe {