From 4774e2c59f3cd12b754a4eca2e9bb2fc76285d98 Mon Sep 17 00:00:00 2001 From: Luke Dashjr Date: Mon, 18 Aug 2014 14:51:58 +0000 Subject: [PATCH 1/3] b58check: Check binsz is long enough for checksum --- base58.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/base58.c b/base58.c index 6810002..30bb051 100644 --- a/base58.c +++ b/base58.c @@ -94,6 +94,8 @@ int _blkmk_b58check(void *bin, size_t binsz, const char *base58str) { unsigned char buf[32]; unsigned char *binc = bin; unsigned i; + if (binsz < 4) + return -4; if (!_blkmk_dblsha256(buf, bin, binsz - 4)) return -2; if (memcmp(&binc[binsz - 4], buf, 4)) From 628b158a205aac982b151aa2b6f42aaf62fbdded Mon Sep 17 00:00:00 2001 From: Luke Dashjr Date: Mon, 18 Aug 2014 20:18:22 +0000 Subject: [PATCH 2/3] Avoid unsafe casting --- base58.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/base58.c b/base58.c index 30bb051..335a46d 100644 --- a/base58.c +++ b/base58.c @@ -84,8 +84,10 @@ bool _blkmk_b58tobin(void *bin, size_t binsz, const char *b58, size_t b58sz) { for (; j < outisz; ++j) { - *((uint32_t*)binu) = htonl(outi[j]); - binu += sizeof(uint32_t); + *(binu++) = outi[j] >> 0x18; + *(binu++) = outi[j] >> 0x10; + *(binu++) = outi[j] >> 8; + *(binu++) = outi[j]; } return true; } From 37ed1a8680db579b77e4b1e08e424a2f9de146d8 Mon Sep 17 00:00:00 2001 From: Luke Dashjr Date: Mon, 18 Aug 2014 20:18:49 +0000 Subject: [PATCH 3/3] Bugfix: b58tobin: Correct zeromask for multiple-of-four binary buffer sizes --- base58.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base58.c b/base58.c index 335a46d..50daefc 100644 --- a/base58.c +++ b/base58.c @@ -39,7 +39,7 @@ bool _blkmk_b58tobin(void *bin, size_t binsz, const char *b58, size_t b58sz) { uint32_t c; size_t i, j; uint8_t bytesleft = binsz % 4; - uint32_t zeromask = ~((1 << ((bytesleft) * 8)) - 1); + uint32_t zeromask = ~((1 << ((bytesleft ?: 4) * 8)) - 1); if (!b58sz) b58sz = strlen(b58);