Skip to content

BIP352: fix loop range issue in get_pubkey_from_input function #1806

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

BIP352: fix loop range issue in get_pubkey_from_input function #1806

wants to merge 1 commit into from

Conversation

famouswizard
Copy link

I fixed an issue in the get_pubkey_from_input function where the loop for extracting the public key from the scriptSig wasn't correctly handling the range of indices. The loop now starts from the correct index, ensuring that the last 33 bytes of the vin.scriptSig are properly checked against the scriptPubKey hash. This change ensures the function works as intended without going out of bounds or missing the correct data.

Changes:

  • Adjusted the loop range to correctly shift the window over the last 33 bytes of vin.scriptSig.
  • Added a check to ensure that we don't go out of bounds when slicing the data.

This should resolve the issue with incorrectly processed scriptSig data.

@quapka
Copy link
Contributor

quapka commented Mar 30, 2025

Is it possible to add, previously failing and now passing, test vectors? I suppose they could go to this file https://github.com/bitcoin/bips/blob/master/bip-0352/send_and_receive_test_vectors.json

@jonatack
Copy link
Member

Is it possible to add, previously failing and now passing, test vectors?

Agree, and please also make separate commits for (1) test coverage, if any is missing, (2) the proposed fix with updated test coverage, (3) code refactoring, and (4) code style and grammar changes.

@murchandamus murchandamus changed the title chore: fix loop range issue in get_pubkey_from_input function BIP352: fix loop range issue in get_pubkey_from_input function Apr 1, 2025
@jonatack
Copy link
Member

jonatack commented Apr 4, 2025

@famouswizard do you plan to update here, based on the feedback?

@jonatack
Copy link
Member

Let's close this PR if no author update by May 1.

@jonatack jonatack added the PR Author action required Needs updates, has unaddressed review comments, or is otherwise waiting for PR author label Apr 14, 2025
murchandamus
murchandamus requested changes Apr 15, 2025
View reviewed changes
Copy link
Contributor

@murchandamus murchandamus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add an explanation to your commit message describing what problem you discovered and how your code change mitigates.

bip-0352/reference.py
@@ -32,54 +32,51 @@ def get_pubkey_from_input(vin: VinInfo) -> ECPubKey:
# skip the first 3 op_codes and grab the 20 byte hash
# from the scriptPubKey
spk_hash = vin.prevout[3:3 + 20]
for i in range(len(vin.scriptSig), 0, -1):
if i - 33 >= 0:
for i in range(len(vin.scriptSig) - 33, 0, -1):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’m not sure what issue is being fixed here. Before this loop, we have already determined that we are looking at a P2PKH input. The P2PKH input script consists of a signature and the pubkey. The pubkey bytes are the last 33 bytes of the input script. However, P2PKH is malleable and could have additional junk bytes after the pubkey. This loop starts by reading the last 33 bytes and in each iteration goes forward one byte until it finds the pubkey.

If I understand this code and the change right, the changed code skips reading the last 33 bytes which means that it breaks support for P2PKH. I may misunderstand what’s going on, if that is so, please elaborate what problem was discovered that this fixes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@murchandamus murchandamus murchandamus requested changes

Assignees
No one assigned
Labels
PR Author action required Needs updates, has unaddressed review comments, or is otherwise waiting for PR author Proposed BIP modification
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@famouswizard @quapka @jonatack @murchandamus