bitcoin icon indicating copy to clipboard operation
bitcoin copied to clipboard

Published 20 hours ago verified publisher icon bitcoin

Don't wrap around when deriving an extended key at a too large depth

Open darosior opened this issue 3 years ago • 4 comments
trafficstars

We would previously silently wrap the derived child's depth back to 0. Instead, explicitly fail when trying to derive an impossible depth, and handle the error in callers.

An extended fuzzing corpus of descriptor_parse triggered this behaviour, which was reported by MarcoFalke.

Fixes #25751.

darosior avatar Jul 19 '22 10:07 darosior

Is the wrap actually harmful?

In any case, current code will never do this, right?

luke-jr avatar Jul 27 '22 02:07 luke-jr

It is harmful in the sense that this behaviour is not specified by BIP32. We could accept an invalid descriptor or xpub that another software would refuse (or worse, treat differently).

In any case, current code will never do this, right?

Well, it was triggered by current code.

darosior avatar Jul 27 '22 10:07 darosior

ACK 84f86dcc1d9ff6f3161c9567068216d7b27d3b39

achow101 avatar Aug 02 '22 20:08 achow101

re-ACK fb9faffae3a26b8aed8b671864ba679747163019

achow101 avatar Aug 09 '22 20:08 achow101

Hadn't occurred to me this implicit limit due to the encoding of xpub/xprv.

utACK https://github.com/bitcoin/bitcoin/pull/25642/commits/fb9faffae3a26b8aed8b671864ba679747163019

instagibbs avatar Aug 10 '22 13:08 instagibbs