Catch NullPointerException from bouncy castle signature verification. This can be triggered by a specially crafted signature. Thanks to Sergio Damian Lerner for finding this.

2025-11-16 12:27:24 +00:00 · 2013-02-19 22:33:15 +01:00
parent 4b4eb7b623
commit 32cc7b4880
1 changed files with 3 additions and 0 deletions
--- a/core/src/main/java/com/google/bitcoin/core/ECKey.java
+++ b/core/src/main/java/com/google/bitcoin/core/ECKey.java
@@ -326,6 +326,9 @@ public class ECKey implements Serializable {
            return signer.verifySignature(data, r.getPositiveValue(), s.getPositiveValue());
        } catch (IOException e) {
            throw new RuntimeException(e);
+        } catch (NullPointerException e) {
+            // Bug in BouncyCastle can cause this for invalid signatures.
+            return false;
        }
    }