Ensure that non-hex characters are caught in address checksumming

2 files changed, 7 insertions, 2 deletions

diff --git a/libdevcore/CommonData.cpp b/libdevcore/CommonData.cpp
index 85ad685b..445d11cd 100644
--- a/libdevcore/CommonData.cpp
+++ b/libdevcore/CommonData.cpp
@@ -21,6 +21,7 @@
 
 #include <libdevcore/CommonData.h>
 #include <libdevcore/Exceptions.h>
+#include <libdevcore/Assertions.h>
 #include <libdevcore/SHA3.h>
 
 #include <boost/algorithm/string.hpp>
@@ -92,10 +93,13 @@ bool dev::passesAddressChecksum(string const& _str, bool _strict)
 string dev::getChecksummedAddress(string const& _addr)
 {
 	string s = _addr.substr(0, 2) == "0x" ? _addr.substr(2) : _addr;
+	assertThrow(s.length() == 40, InvalidAddress, "");
+	assertThrow(s.find_first_not_of("0123456789abcdefABCDEF") == string::npos, InvalidAddress, "");
+
 	h256 hash = keccak256(boost::algorithm::to_lower_copy(s, std::locale::classic()));
-	string ret = "0x";
 
-	for (size_t i = 0; i < s.length(); ++i)
+	string ret = "0x";
+	for (size_t i = 0; i < 40; ++i)
 	{
 		char addressCharacter = s[i];
 		unsigned nibble = (unsigned(hash[i / 2]) >> (4 * (1 - (i % 2)))) & 0xf;
diff --git a/libdevcore/Exceptions.h b/libdevcore/Exceptions.h
index a3e638bf..cfe72fbf 100644
--- a/libdevcore/Exceptions.h
+++ b/libdevcore/Exceptions.h
@@ -44,6 +44,7 @@ private:
 
 #define DEV_SIMPLE_EXCEPTION(X) struct X: virtual Exception { const char* what() const noexcept override { return #X; } }
 
+DEV_SIMPLE_EXCEPTION(InvalidAddress);
 DEV_SIMPLE_EXCEPTION(BadHexCharacter);
 DEV_SIMPLE_EXCEPTION(FileError);