From 7d662b6b6813130872acd12cdf7b5189dbdfabda Mon Sep 17 00:00:00 2001
From: Matt Morehouse
Date: Tue, 16 May 2023 10:57:15 -0500
Subject: [PATCH] fuzz: check key validity before serializing
We need to check that the key is valid for two reasons:
1) towire_ext_key() aborts if the key is invalid
2) fromwire_ext_key() doesn't check the parsed key for validity
Since bip32_key_get_fingerprint() fails if the key is invalid, we can call it first to guarantee the key is valid before serializing.
---
 tests/fuzz/fuzz-bip32.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/tests/fuzz/fuzz-bip32.c b/tests/fuzz/fuzz-bip32.c
index 0231f088b..f126599a0 100644
--- a/tests/fuzz/fuzz-bip32.c
+++ b/tests/fuzz/fuzz-bip32.c
@@ -15,6 +15,7 @@ void run(const uint8_t *data, size_t size)
 u8 *wire_buff;
 const uint8_t **xkey_chunks, **ver_chunks, *wire_ptr;
 size_t wire_max;
+ u8 fingerprint[BIP32_KEY_FINGERPRINT_LEN];
 if (size < BIP32_SERIALIZED_LEN)
 return;
@@ -26,6 +27,14 @@ void run(const uint8_t *data, size_t size)
 fromwire_ext_key(&wire_ptr, &wire_max, &xkey);
 if (wire_ptr) {
+ // Check key validity by attempting to get the
+ // fingerprint, which will fail if the key is invalid.
+ if (bip32_key_get_fingerprint(&xkey, fingerprint,
+ sizeof(fingerprint)))
+ continue;
+
+ // Since the key is valid, we should be able to
+ // serialize it again successfully.
 wire_buff = tal_arr(NULL, uint8_t, BIP32_SERIALIZED_LEN);
 towire_ext_key(&wire_buff, &xkey);
 tal_free(wire_buff);
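Review bot: The validity guard added inside the `if (wire_ptr)` branch of the second hunk protects only this harness. Going by the commit description, `fromwire_ext_key()` still accepts an invalid key and `towire_ext_key()` still aborts on one, so any non-fuzz caller that parses a key from the wire and later re-serializes it would presumably need the same check. It is worth confirming those callers, or moving the validation into the parser so the parse fails (which, as the existing `if (wire_ptr)` test suggests, is signalled by a NULL `wire_ptr`). Separately, the condition relies on success being zero; writing it as `if (bip32_key_get_fingerprint(&xkey, fingerprint, sizeof(fingerprint)) != WALLY_OK)` makes the skip-on-error intent explicit. The body of `run` starts and ends outside both hunks, so the loop that `continue` targets is not visible here.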