From 13a7fd731eeb8d6806f6775c6da5893986f11fd5 Mon Sep 17 00:00:00 2001
From: Jon Griffiths
Date: Wed, 6 Sep 2023 23:01:23 +1200
Subject: [PATCH] descriptor-policy: disallow solved cardinalities other than 1 and 2

Point 10 of the policy key requirements
---
 src/ctest/test_descriptor.c | 5 +++++
 src/descriptor.c | 9 ++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/ctest/test_descriptor.c b/src/ctest/test_descriptor.c
index 5afad4920..93be7454e 100644
--- a/src/ctest/test_descriptor.c
+++ b/src/ctest/test_descriptor.c
@@ -1466,6 +1466,11 @@ static const struct descriptor_test {
 "sh(multi(1,@0/<0;1>/*,@1/*))",
 WALLY_NETWORK_BITCOIN_MAINNET, 0, 0, 0, NULL,
 WALLY_MINISCRIPT_POLICY, NULL, ""
+ }, {
+ "policy errchk - invlid key cardinality",
+ "pkh(@0/<0;1;2>/*)",
+ WALLY_NETWORK_BITCOIN_MAINNET, 0, 0, 0, NULL,
+ WALLY_MINISCRIPT_POLICY, NULL, ""
 }
 };
 
diff --git a/src/descriptor.c b/src/descriptor.c
index 532b0fc7e..be9c13923 100644
--- a/src/descriptor.c
+++ b/src/descriptor.c
@@ -2613,9 +2613,12 @@ int wally_descriptor_parse(const char *miniscript,
 flags, NULL, NULL, &ctx->top_node);
 if (ret == WALLY_OK)
 ret = node_generation_size(ctx->top_node, &ctx->script_len);
- if (ret == WALLY_OK && (flags & WALLY_MINISCRIPT_POLICY) &&
- ctx->num_keys != num_substitutions)
- ret = WALLY_EINVAL;
+ if (ret == WALLY_OK && (flags & WALLY_MINISCRIPT_POLICY)) {
+ if (ctx->num_keys != num_substitutions)
+ ret = WALLY_EINVAL; /* A non-substituted key was present */
+ else if (ctx->num_variants > 1 || ctx->num_multipaths > 2)
+ ret = WALLY_EINVAL; /* Solved cardinality must be 1 or 2 */
+ }
 }
 if (ret != WALLY_OK) {
 wally_descriptor_free(ctx);
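Review bot: The new vector `pkh(@0/<0;1;2>/*)` only drives the `ctx->num_multipaths > 2` arm of the check added in src/descriptor.c; nothing in this hunk reaches `ctx->num_variants > 1`, so that half of the rejection can regress unnoticed. I would add a second error vector whose expression solves to more than one variant. I would also confirm that the positive tests accept a policy with a two-item multi-path on every key, so the limit is pinned at 2 per expression rather than 2 per descriptor. The test name has a typo and should read `"policy errchk - invalid key cardinality",`. The table this entry is appended to starts outside the hunk.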
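Review bot: The comment `/* Solved cardinality must be 1 or 2 */` does not say how the two counters yield that cardinality, and `ctx->num_multipaths > 2` also lets 0 through, which a reader cannot square with "1 or 2" from this hunk alone. If `num_multipaths` is the item count of a `<a;b>` path with 0 meaning no multi-path (the `<0;1;2>` test vector suggests so, but the counter is set outside the hunk), I would say that, e.g. `/* Policy: single variant only, and at most 2 multi-path items per key */`. Both arms return the same `WALLY_EINVAL`, so these comments are the only record of which policy rule rejected the input. It would help to name the requirements document that the commit message's "Point 10" refers to. The body of `wally_descriptor_parse` starts and ends outside the hunk.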