From 0cc2587c6f444b4c44365e5649e7967edce784ce Mon Sep 17 00:00:00 2001
From: Solar Designer
Date: Fri, 5 Jan 2024 17:29:36 +0100
Subject: [PATCH] Blockchain format: Fix data over-read bug
---
 src/blockchain_common_plug.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/blockchain_common_plug.c b/src/blockchain_common_plug.c
index 8c292154e0..039df84cd5 100644
--- a/src/blockchain_common_plug.c
+++ b/src/blockchain_common_plug.c
@@ -118,9 +118,9 @@ int blockchain_decrypt(unsigned char *derived_key, unsigned char *data)
 // "guid" will be found in the first block
 if (memmem(out, 16, "\"guid\"", 6)) {
- AES_cbc_encrypt(data + 32, out + 16, SAFETY_FACTOR - 16, &akey, iv,
+ AES_cbc_encrypt(data + 32, out + 16, SAFETY_FACTOR - 32, &akey, iv,
 AES_DECRYPT);
- if (memmem(out, SAFETY_FACTOR, "\"sharedKey\"", 11))
+ if (memmem(out, SAFETY_FACTOR - 16, "\"sharedKey\"", 11))
 // Do not check for "options" string. It is too further
 // down in the byte stream for v3 wallets. Note, we
 // 'could' check that the guid and sharedKey values are
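Review bot: The corrected lengths `SAFETY_FACTOR - 32` and `SAFETY_FACTOR - 16` are still derived by hand from the `data + 32` and `out + 16` offsets, and they are only safe if `data` holds at least SAFETY_FACTOR bytes, which nothing in the hunk enforces because blockchain_decrypt() receives `data` without a length. I would state the invariant next to the AES_cbc_encrypt() call, e.g. `// reads data[32..SAFETY_FACTOR), writes out[16..SAFETY_FACTOR-16); data must hold >= SAFETY_FACTOR bytes`, so a later edit does not reintroduce the over-read. If `out` is sized SAFETY_FACTOR as the old memmem() bound suggests, a build-time check that SAFETY_FACTOR is a multiple of 16 and at least 48 would also keep the CBC length and the memmem() window consistent. The function body starts and ends outside the hunk, so the declaration of `out` and the callers' length validation need to be confirmed there.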