From dafaff1cdfc7b405ca4e5e2cb73ae3ba1c864fa7 Mon Sep 17 00:00:00 2001
From: Salvatore Ingala <6681844+bigspider@users.noreply.github.com>
Date: Mon, 17 Jul 2023 17:23:48 +0200
Subject: [PATCH] Verify xpub checksum after decoding

---
 src/common/wallet.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/common/wallet.c b/src/common/wallet.c
index 6066b8b0..8590cb29 100644
--- a/src/common/wallet.c
+++ b/src/common/wallet.c
@@ -382,6 +382,16 @@ int parse_policy_map_key_info(buffer_t *buffer, policy_map_key_info_t *out, int
         return WITH_ERROR(-1, "Error decoding serialized extended pubkey");
     }
 
+    // verify checksum
+    uint8_t checksum[4];
+    crypto_get_checksum((uint8_t *) &ext_pubkey_check.serialized_extended_pubkey,
+                        sizeof(ext_pubkey_check.serialized_extended_pubkey),
+                        checksum);
+
+    if (memcmp(&ext_pubkey_check.checksum, checksum, sizeof(checksum)) != 0) {
+        return WITH_ERROR(-1, "Wrong extended pubkey checksum");
+    }
+
     out->ext_pubkey = ext_pubkey_check.serialized_extended_pubkey;
 
     // either the string terminates now, or it has a final "/**" suffix for the wildcard.