Detected during my audit, right before fuzzing, the code that
checked for presence of hyphens per path segment assumed that
the part would always be non-empty. However, with paths such as:
* m/4/
* /44/
* m/4///
it'd panic with a runtime slice out of bounds.
With this new change, we now:
* firstly strip the right trailing slash
* on finding any empty segments of a path return an error
Fixes#8557
* crypto/hd: properly catch index overflows to ensure conformance with BIP 32
Uses 31 bits as the bitsize argument to strconv.ParseUint to ensure
that we correctly parse values in the range [0, max(int32)]
Adds tests too to prevent future regressions of this subtlety.
Fixes#7627.
* Address Fedekunze's testing review
crypto/keyring:
`Keybase` interface gives way to its successor: `Keyring`. `LegacyKeybase`
interface is added in order to guarantee limited backward compatibility with
the old `Keybase` interface for the sole purpose of migrating keys across
the new keyring backends.
The package no longer depends on the `github.com/types.Config`
singleton.
`SupportedAlgos` and `SupportedLedgerAlgos` methods have been removed.
The keyring just fails when trying to perform an action with an unsupported
algorithm.
crypto/ subdirs reorganization:
`crypto/keys/hd` was moved to `crypto/hd`, which now groups together
all HD wallets related types and utilities.
client/input:
* Removal of unnecessary `GetCheckPassword`, `PrintPrefixed` functions.
* `GetConfirmation`'s signature changed to take in a io.Writer for better integration
with `cobra.Command` types.
client/context:
* In-memory keyring is allocated in the context when `--gen-only` flag is passed
in. `GetFromFields` does no longer silently allocate a keyring, it takes one as
argument.
Co-authored with @jgimeno
Co-authored-by: Jonathan Gimeno <jgimeno@gmail.com>
Emmanuel T Odeke
Alessio Treglia
Federico Kunze