Library does not contain any code to correctly validate cashaddr with length greater than 160

[Steve132]

As seen in the cashaddr spec, cashaddr is supposed to have the bottom 3 bits of the version byte be an indicator of the size of the address. This means that valid version bytes can be like, 0x04 (indicating a 320 bit hash, for example).

This means if someone tries to use your lib to parse avalid larger cashaddress with lower version bits set, the lib will silently and strangely fail.

[oskyk]

I have noticed that you for forked the repo do you plan to fix it yourself? (I would welcome the PR and help you if needed) or will you leave that to me?

[Steve132]

I was going to work on fixing it, but I realized I didn't have a ton of time to do all the necessary testing. I can put my suggested patch in if you are willing to test it

On Wed, May 16, 2018 at 2:36 PM, oskyk [email protected] wrote:

I have noticed that you for forked the repo do you plan to fix it yourself? (I would welcome the PR and help you if needed) or will you leave that to me?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/oskyk/cashaddress/issues/5#issuecomment-389622201, or mute the thread https://github.com/notifications/unsubscribe-auth/AA1kMDU6SAJlb6dIqf6ncdvE9lH7f72Fks5tzHHCgaJpZM4UAkGB .

[oskyk]

Put it in I will test it :)

[Steve132]

https://github.com/oskyk/cashaddress/pull/6

[oskyk]

can you provide me with some valid addresses longer than 160bit?

[Steve132]

https://github.com/bitcoincashorg/bitcoincash.org/pull/24

I'd take a look at my implementation here https://github.com/Steve132/wallet_standard/blob/master/python/coffer/coins/_cashaddr.py