From c72dced8fa12003be412c19e19ad797a14b4fdac Mon Sep 17 00:00:00 2001
From: Michael Vines <mvines@gmail.com>
Date: Mon, 2 Jul 2018 14:54:35 -0700
Subject: [PATCH] Report error when an invalid confirmation signature or public
 key is provided

---
 src/bin/wallet.rs | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/bin/wallet.rs b/src/bin/wallet.rs
index d290de8983..d189461ca1 100644
--- a/src/bin/wallet.rs
+++ b/src/bin/wallet.rs
@@ -35,6 +35,7 @@ enum WalletCommand {
 #[derive(Debug, Clone)]
 enum WalletError {
     CommandNotRecognized(String),
+    BadParameter(String),
 }
 
 impl fmt::Display for WalletError {
@@ -173,6 +174,11 @@ fn parse_args() -> Result<WalletConfig, Box<error::Error>> {
                 let pubkey_vec = bs58::decode(pay_matches.value_of("to").unwrap())
                     .into_vec()
                     .expect("base58-encoded public key");
+
+                if pubkey_vec.len() != std::mem::size_of::<PublicKey>() {
+                    display_actions();
+                    Err(WalletError::BadParameter("Invalid public key".to_string()))?;
+                }
                 to = PublicKey::clone_from_slice(&pubkey_vec);
             } else {
                 to = id.pubkey();
@@ -187,8 +193,14 @@ fn parse_args() -> Result<WalletConfig, Box<error::Error>> {
             let sig_vec = bs58::decode(confirm_matches.value_of("signature").unwrap())
                 .into_vec()
                 .expect("base58-encoded signature");
-            let sig = Signature::clone_from_slice(&sig_vec);
-            Ok(WalletCommand::Confirm(sig))
+
+            if sig_vec.len() == std::mem::size_of::<Signature>() {
+                let sig = Signature::clone_from_slice(&sig_vec);
+                Ok(WalletCommand::Confirm(sig))
+            } else {
+                display_actions();
+                Err(WalletError::BadParameter("Invalid signature".to_string()))
+            }
         }
         ("balance", Some(_balance_matches)) => Ok(WalletCommand::Balance),
         ("address", Some(_address_matches)) => Ok(WalletCommand::Address),