From b175c6b6094525c34039eecc5babd9d798eb9146 Mon Sep 17 00:00:00 2001 From: SomberNight Date: Sun, 13 May 2018 03:11:20 +0200 Subject: [PATCH] fix #4360 --- lib/bitcoin.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/bitcoin.py b/lib/bitcoin.py index ba540c6d4..76888e451 100644 --- a/lib/bitcoin.py +++ b/lib/bitcoin.py @@ -944,6 +944,8 @@ def xpub_header(xtype, *, net=None): def serialize_xprv(xtype, c, k, depth=0, fingerprint=b'\x00'*4, child_number=b'\x00'*4, *, net=None): + if not (0 < string_to_number(k) < SECP256k1.order): + raise BitcoinException('Impossible xprv (not within curve order)') xprv = xprv_header(xtype, net=net) \ + bytes([depth]) + fingerprint + child_number + c + bytes([0]) + k return EncodeBase58Check(xprv) @@ -975,6 +977,8 @@ def deserialize_xkey(xkey, prv, *, net=None): xtype = list(headers.keys())[list(headers.values()).index(header)] n = 33 if prv else 32 K_or_k = xkey[13+n:] + if prv and not (0 < string_to_number(K_or_k) < SECP256k1.order): + raise BitcoinException('Impossible xprv (not within curve order)') return xtype, depth, fingerprint, child_number, c, K_or_k