From 32cc7b4880c766439cf081994e0f07e986b34c86 Mon Sep 17 00:00:00 2001
From: Mike Hearn <hearn@google.com>
Date: Tue, 19 Feb 2013 22:33:15 +0100
Subject: [PATCH] Catch NullPointerException from bouncy castle signature
 verification. This can be triggered by a specially crafted signature. Thanks
 to Sergio Damian Lerner for finding this.

---
 core/src/main/java/com/google/bitcoin/core/ECKey.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core/src/main/java/com/google/bitcoin/core/ECKey.java b/core/src/main/java/com/google/bitcoin/core/ECKey.java
index 13222f38..0210fe39 100644
--- a/core/src/main/java/com/google/bitcoin/core/ECKey.java
+++ b/core/src/main/java/com/google/bitcoin/core/ECKey.java
@@ -326,6 +326,9 @@ public class ECKey implements Serializable {
             return signer.verifySignature(data, r.getPositiveValue(), s.getPositiveValue());
         } catch (IOException e) {
             throw new RuntimeException(e);
+        } catch (NullPointerException e) {
+            // Bug in BouncyCastle can cause this for invalid signatures.
+            return false;
         }
     }