Open brunoerg opened 2 weeks ago
btcd also doesn't check. API mismatch.
Yep, you can see that https://docs.rs/bitcoin/0.32.0/src/bitcoin/psbt/mod.rs.html#1197-1200 (a) calls Psbt::deserialize
rather than encode::deserialize
(PSBT has its own serialization module which does not have any no-trailing-data-checks) and (b) does not do any additional checks.
Definitely from_str
should have a max length check. Doesn't look like we have any from_slice
type method but if we do then it should also do a check.
Definitely from_str should have a max length check. Doesn't look like we have any from_slice type method but if we do then it should also do a check.
Should we open an issue in rust-bitcoin repo to facilitate tracking this?
Yes, please do!
Just got a crash in psbt target, Bitcoin Core fails due to extra data after PSBT while rust-bitcoin seems not checking it.
Base64: cHNidP8BAAr///8AAAAAAAAAAD0Acw==