Fix publicKeyVerify length check (#167)

cryptocoinjs · Apr 27, 2020 · d2664cb · d2664cb
1 parent d9f7bf0
commit d2664cb
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/lib/elliptic.js b/lib/elliptic.js
@@ -47,12 +47,12 @@ function loadPublicKey (pubkey) {
   switch (first) {
     case 0x02:
     case 0x03:
-      // if (pubkey.length !== 33) return null
+      if (pubkey.length !== 33) return null
       return loadCompressedPublicKey(first, pubkey.subarray(1, 33))
     case 0x04:
     case 0x06:
     case 0x07:
-      // if (pubkey.length !== 65) return null
+      if (pubkey.length !== 65) return null
       return loadUncompressedPublicKey(first, pubkey.subarray(1, 33), pubkey.subarray(33, 65))
     default:
       return null

diff --git a/test/publickey.js b/test/publickey.js
@@ -28,6 +28,10 @@ module.exports = (t, secp256k1) => {
       invalidY[64] ^= 0x01
       t.false(secp256k1.publicKeyVerify(invalidY), 'invalid Y')
 
+      const invalidLength = Buffer.from(publicKey.uncompressed)
+      invalidLength[0] = publicKey.compressed[0]
+      t.false(secp256k1.publicKeyVerify(invalidLength), 'invalid length')
+
       t.end()
     })