Merge bitcoin/bitcoin#25642: Don't wrap around when deriving an extended key at a too large depth

fb9faffae3 extended keys: fail to derive too large depth instead of wrapping around (Antoine Poinsot) 8dc6670ce1 descriptor: don't assert success of extended key derivation (Antoine Poinsot) 50cfc9e761 (pubk)key: mark Derive() as nodiscard (Antoine Poinsot) 0ca258a5ac descriptor: never ignore the return value when deriving an extended key (Antoine Poinsot) d3599c22bd spkman: don't ignore the return value when deriving an extended key (Antoine Poinsot) Pull request description: We would previously silently wrap the derived child's depth back to `0`. Instead, explicitly fail when trying to derive an impossible depth, and handle the error in callers. An extended fuzzing corpus of `descriptor_parse` triggered this behaviour, which was reported by MarcoFalke. Fixes #25751. ACKs for top commit: achow101: re-ACK fb9faffae3 instagibbs: utACK fb9faffae3 Tree-SHA512: 9f75c23572ce847239bd15e5497df2960b6bd63c61ea72347959d968b5c4c9a4bfeee284e76bdcd7bacbf9eeb70feee85ffd3e316f353ca6eca30e93aafad343
2025-10-11 03:53:22 +02:00 · 2022-08-10 14:09:53 -04:00
parent 251c535800 fb9faffae3
commit 93999a5fbe
8 changed files with 42 additions and 16 deletions
--- a/src/pubkey.cpp
+++ b/src/pubkey.cpp
@@ -365,6 +365,7 @@ void CExtPubKey::DecodeWithVersion(const unsigned char code[BIP32_EXTKEY_WITH_VE
 }

 bool CExtPubKey::Derive(CExtPubKey &out, unsigned int _nChild) const {
+    if (nDepth == std::numeric_limits<unsigned char>::max()) return false;
    out.nDepth = nDepth + 1;
    CKeyID id = pubkey.GetID();
    memcpy(out.vchFingerprint, &id, 4);