certusone
/
cosmos-sdk
mirror of https://github.com/certusone/cosmos-sdk.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
cosmos-sdk/crypto
History
Emmanuel T Odeke f970056a92
crypto/hd: make DerivePrivateKeyForPath error and not panic on trailing slashes (#8607) 
Detected during my audit, right before fuzzing, the code that
checked for presence of hyphens per path segment assumed that
the part would always be non-empty. However, with paths such as:
* m/4/
* /44/
* m/4///

it'd panic with a runtime slice out of bounds.

With this new change, we now:
* firstly strip the right trailing slash
* on finding any empty segments of a path return an error

Fixes #8557
 		2021-02-17 10:30:04 +00:00
..
codec adr-028 address generation (#8415) 2021-02-15 15:32:51 +00:00
hd crypto/hd: make DerivePrivateKeyForPath error and not panic on trailing slashes (#8607) 2021-02-17 10:30:04 +00:00
keyring adr-028 address generation (#8415) 2021-02-15 15:32:51 +00:00
keys adr-028 address generation (#8415) 2021-02-15 15:32:51 +00:00
ledger Fix CryptoCdc inconsistent (#7987) 2020-12-02 14:50:50 +01:00
types Update gogo proto deps with v1.3.2 security fixes (#8350) 2021-01-15 19:45:34 +00:00
armor.go Fix CryptoCdc inconsistent (#7987) 2020-12-02 14:50:50 +01:00
armor_test.go all: ensure b.ReportAllocs() in all the benchmarks (#8460) 2021-01-27 23:52:08 -08:00
bcrypt_readme.md merge crypto/keys/mintkey into crypto/ (#5880) 2020-03-27 10:24:19 +01:00