From 123166790faf4b7eda30b0d286dae23a5ed1b8e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niklas=20G=C3=B6gge?=
Date: Fri, 17 May 2024 16:37:36 +0100
Subject: [PATCH] common: Fix off-by-one in `from_bech32_charset`

`bech32_charset_rev` is only 128 bytes in size but the `c < 0 || c > 128` check allows for `c` to be equal to 128 which would be out-of-bounds. Fix this off-by-one bug by changing the check to `c >= 128`.
---
 common/bech32_util.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/bech32_util.c b/common/bech32_util.c
index ed6b51d02..bae0f1e81 100644
--- a/common/bech32_util.c
+++ b/common/bech32_util.c
@@ -82,9 +82,9 @@ bool from_bech32_charset(const tal_t *ctx,
 u5data = tal_arr(NULL, u5, datalen);
 for (size_t i = 0; i < datalen; i++) {
 int c = sep[1+i];
- if (c < 0 || c > 128)
- goto fail;
 c = fixup_char(c, &upper, &lower);
+ if (c < 0 || c >= 128)
+ goto fail;
 if (bech32_charset_rev[c] == -1)
 goto fail;
 u5data[i] = bech32_charset_rev[c];
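Review bot: Moving the range check below `c = fixup_char(c, &upper, &lower);` means `fixup_char` now receives the raw byte from `sep[1+i]` before any validation, a reordering the commit description does not mention (it only covers `> 128` becoming `>= 128`). `fixup_char` is defined outside this hunk, so please confirm it only compares and offsets `c` and never uses it as an index or hands it to a `<ctype.h>` function, where a negative value would be undefined. A short comment above the check would record why the order matters, e.g. `/* Check after fixup_char(): this is the value that indexes bech32_charset_rev. */`. The bound is still the literal 128; if the table's array declaration is visible in this file and its elements are one byte wide, as the description's "128 bytes" suggests, `c >= (int)sizeof(bech32_charset_rev)` would keep the check tied to the table. The loop body of `from_bech32_charset` continues outside the hunk.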