fix(wallet): truncate mnemonic passphrase instead of crashing

This commit is contained in:
UdjinM6 2023-06-10 23:08:48 +03:00
parent 6f639ea5f1
commit d53e657513
2 changed files with 3 additions and 3 deletions

View File

@ -147,11 +147,11 @@ bool CMnemonic::Check(SecureString mnemonic)
return fResult;
}
// passphrase must be at most 256 characters or code may crash
// passphrase must be at most 256 characters otherwise it would be truncated
void CMnemonic::ToSeed(SecureString mnemonic, SecureString passphrase, SecureVector& seedRet)
{
SecureString ssSalt = SecureString("mnemonic") + passphrase;
SecureVector vchSalt(ssSalt.begin(), ssSalt.end());
SecureVector vchSalt(ssSalt.begin(), ssSalt.begin() + strnlen(ssSalt.data(), 256));
seedRet.resize(64);
PKCS5_PBKDF2_HMAC_SHA512(mnemonic.c_str(), mnemonic.size(), vchSalt.data(), vchSalt.size(), 2048, 64, seedRet.data());
}

View File

@ -32,7 +32,7 @@ public:
static SecureString Generate(int strength); // strength in bits
static SecureString FromData(const SecureVector& data, int len);
static bool Check(SecureString mnemonic);
// passphrase must be at most 256 characters or code may crash
// passphrase must be at most 256 characters otherwise it would be truncated
static void ToSeed(SecureString mnemonic, SecureString passphrase, SecureVector& seedRet);
};