From 770f36afad3bc12c93b74b4beb07b4d7a4a2cbc8 Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Thu, 13 May 2021 12:37:42 -0700 Subject: [PATCH] Check solution length in validate challenge Found by Fuzz Bot. --- applications/proof_of_work_app.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/applications/proof_of_work_app.go b/applications/proof_of_work_app.go index bdf0c61..87c8743 100644 --- a/applications/proof_of_work_app.go +++ b/applications/proof_of_work_app.go @@ -87,6 +87,9 @@ func (powapp *ProofOfWorkApplication) solveChallenge(challenge []byte, prng core // ValidateChallenge returns true if the message and spamguard pass the challenge func (powapp *ProofOfWorkApplication) validateChallenge(challenge []byte, solution []byte) bool { + if len(solution) != 32 { + return false + } solve := make([]byte, len(challenge)+32) copy(solve[0:], solution[0:32]) copy(solve[32:], challenge[:])