blockstack_lib::address::c32::c32_address_decode seems to be called from a couple locations in the chainstate and vm directories, which in turn are transitively called from several other places:
If the c32_address_decode function is not intended to work with UTF-8 data, it would be more suitable for its input type to be something like &[u8] or &Vec<u8>. Either of these types would avoid the possibility of splitting across multi-byte character boundaries.
Description
The
blockstack_lib::address::c32::c32_address_decodefunction panics when given crafted non-ASCII input.Example 1
Given the input str
"ΰIII",c32_address_decodepanics:This happens on line 221 when trying to create a slice from input that spans a multi-byte character boundary:
https://github.com/trailofbits/x-audit-blockstack-core/blob/e2d3d5bae539d242851620e28129af6c4a9de642/src/address/c32.rs#L217-L223
Example 2
Given the input str
"Ű001",c32_check_decodepanics:This happens on line 183 when trying to create a slice from input that spans a multi-byte character boundary:
https://github.com/trailofbits/x-audit-blockstack-core/blob/e2d3d5bae539d242851620e28129af6c4a9de642/src/address/c32.rs#L177-L183
Notes
blockstack_lib::address::c32::c32_address_decodeseems to be called from a couple locations in the chainstate and vm directories, which in turn are transitively called from several other places:https://github.com/trailofbits/x-audit-blockstack-core/blob/e2d3d5bae539d242851620e28129af6c4a9de642/src/chainstate/stacks/address.rs#L144
https://github.com/trailofbits/x-audit-blockstack-core/blob/e2d3d5bae539d242851620e28129af6c4a9de642/src/vm/types/mod.rs#L331
Recommendations
If the
c32_address_decodefunction is not intended to work with UTF-8 data, it would be more suitable for its input type to be something like&[u8]or&Vec<u8>. Either of these types would avoid the possibility of splitting across multi-byte character boundaries.