Add buffer length check in getAddressFromPublicKey #9083

ishantiw · 2023-10-11T09:52:38Z

Description

When calling getLisk32AddressFromPublicKey it accepts publicKey as an argument but by mistake users can pass any length buffer as their is no check and it can result in unintended output of the function or incorrect address which can be misleading.

Add buffer length check to atleast avoid incorrect length buffers which can alert the user if they are passing incorrect buffer. Since this function accepts publicKey we can have a length check === 32 for buffer and throw error if not.

Steps to reproduce

Call cryptography.address.getLisk32AddressFromPublicKey(Buffer.alloc(1)) it will result in lsk92dzwnnge9h4ynmm3tt5efz6myj4zn4gt2yh4z

Which version(s) does this affect? (Environment, OS, etc...)

v6.0.0-rc.3

The text was updated successfully, but these errors were encountered:

ishantiw added type: bug elements/cryptography labels Oct 11, 2023

Madhulearn mentioned this issue Oct 13, 2023

Prepare Lisk SDK v6.0.0 for production #7242

Closed

34 tasks

Madhulearn added this to the Sprint 106 milestone Oct 22, 2023

Phanco self-assigned this Oct 23, 2023

Madhulearn modified the milestones: Sprint 106, Sprint 107 Oct 24, 2023

Phanco mentioned this issue Oct 26, 2023

Add length check to getLisk32AddressFromPublicKey #9124

Merged

shuse2 closed this as completed Oct 31, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add buffer length check in getAddressFromPublicKey #9083

Add buffer length check in getAddressFromPublicKey #9083

ishantiw commented Oct 11, 2023

Add buffer length check in getAddressFromPublicKey #9083

Add buffer length check in getAddressFromPublicKey #9083

Comments

ishantiw commented Oct 11, 2023

Description

Steps to reproduce

Which version(s) does this affect? (Environment, OS, etc...)