Merge bitcoin/bitcoin#25642: Don't wrap around when deriving an extended key at a too large depth

fb9faffae3 extended keys: fail to derive too large depth instead of wrapping around (Antoine Poinsot) 8dc6670ce1 descriptor: don't assert success of extended key derivation (Antoine Poinsot) 50cfc9e761 (pubk)key: mark Derive() as nodiscard (Antoine Poinsot) 0ca258a5ac descriptor: never ignore the return value when deriving an extended key (Antoine Poinsot) d3599c22bd spkman: don't ignore the return value when deriving an extended key (Antoine Poinsot) Pull request description: We would previously silently wrap the derived child's depth back to `0`. Instead, explicitly fail when trying to derive an impossible depth, and handle the error in callers. An extended fuzzing corpus of `descriptor_parse` triggered this behaviour, which was reported by MarcoFalke. Fixes #25751. ACKs for top commit: achow101: re-ACK fb9faffae3 instagibbs: utACK fb9faffae3 Tree-SHA512: 9f75c23572ce847239bd15e5497df2960b6bd63c61ea72347959d968b5c4c9a4bfeee284e76bdcd7bacbf9eeb70feee85ffd3e316f353ca6eca30e93aafad343
2025-12-15 07:03:40 +01:00 · 2022-08-10 14:09:53 -04:00
parent 251c535800 fb9faffae3
commit 93999a5fbe
8 changed files with 42 additions and 16 deletions
--- a/src/script/descriptor.cpp
+++ b/src/script/descriptor.cpp
@@ -328,7 +328,7 @@ class BIP32PubkeyProvider final : public PubkeyProvider
    {
        if (!GetExtKey(arg, xprv)) return false;
        for (auto entry : m_path) {
-            xprv.Derive(xprv, entry);
+            if (!xprv.Derive(xprv, entry)) return false;
            if (entry >> 31) {
                last_hardened = xprv;
            }
@@ -388,14 +388,13 @@ public:
            }
        } else {
            for (auto entry : m_path) {
-                der = parent_extkey.Derive(parent_extkey, entry);
-                assert(der);
+                if (!parent_extkey.Derive(parent_extkey, entry)) return false;
            }
            final_extkey = parent_extkey;
            if (m_derive == DeriveType::UNHARDENED) der = parent_extkey.Derive(final_extkey, pos);
            assert(m_derive != DeriveType::HARDENED);
        }
-        assert(der);
+        if (!der) return false;

        final_info_out = final_info_out_tmp;
        key_out = final_extkey.pubkey;
@@ -498,8 +497,8 @@ public:
        CExtKey extkey;
        CExtKey dummy;
        if (!GetDerivedExtKey(arg, extkey, dummy)) return false;
-        if (m_derive == DeriveType::UNHARDENED) extkey.Derive(extkey, pos);
-        if (m_derive == DeriveType::HARDENED) extkey.Derive(extkey, pos | 0x80000000UL);
+        if (m_derive == DeriveType::UNHARDENED && !extkey.Derive(extkey, pos)) return false;
+        if (m_derive == DeriveType::HARDENED && !extkey.Derive(extkey, pos | 0x80000000UL)) return false;
        key = extkey.key;
        return true;
    }