fix(crypto): address security review findings on HTTP status, null guards, and key length

Federico2014 · Federico2014 · commit 37c7ab5fe426 · 2026-04-09T14:07:54.000+08:00
diff --git a/crypto/src/main/java/org/tron/common/crypto/ECKey.java b/crypto/src/main/java/org/tron/common/crypto/ECKey.java
@@ -266,6 +266,11 @@ public static boolean isValidPrivateKey(byte[] keyBytes) {
     if (ByteArray.isEmpty(keyBytes)) {
       return false;
     }
+    // Accept a 33-byte array only when the leading byte is 0x00 (BigInteger sign-byte padding);
+    // reject anything longer or any non-canonical 33-byte encoding.
+    if (keyBytes.length > 33 || (keyBytes.length == 33 && keyBytes[0] != 0x00)) {
+      return false;
+    }
 
     BigInteger key = new BigInteger(1, keyBytes);
     return key.compareTo(BigInteger.ONE) >= 0 && key.compareTo(CURVE.getN()) < 0;
@@ -350,6 +355,9 @@ public static ECKey fromPrivate(byte[] privKeyBytes) {
    * @return -
    */
   public static ECKey fromPublicOnly(byte[] pub) {
+    if (ByteArray.isEmpty(pub)) {
+      throw new IllegalArgumentException("Public key bytes cannot be null or empty");
+    }
     return new ECKey(null, CURVE.getCurve().decodePoint(pub));
   }
 
@@ -417,6 +425,9 @@ public static byte[] signatureToKeyBytes(byte[] messageHash, String signatureBas
 
   public static byte[] signatureToKeyBytes(byte[] messageHash,
       ECDSASignature sig) throws SignatureException {
+    if (messageHash == null || sig == null) {
+      throw new IllegalArgumentException("messageHash and sig cannot be null");
+    }
     check(messageHash.length == 32, "messageHash argument has length " +
         messageHash.length);
     int header = sig.v;
diff --git a/crypto/src/main/java/org/tron/common/crypto/sm2/SM2.java b/crypto/src/main/java/org/tron/common/crypto/sm2/SM2.java
@@ -272,6 +272,11 @@ public static boolean isValidPrivateKey(byte[] keyBytes) {
     if (ByteArray.isEmpty(keyBytes)) {
       return false;
     }
+    // Accept a 33-byte array only when the leading byte is 0x00 (BigInteger sign-byte padding);
+    // reject anything longer or any non-canonical 33-byte encoding.
+    if (keyBytes.length > 33 || (keyBytes.length == 33 && keyBytes[0] != 0x00)) {
+      return false;
+    }
 
     BigInteger key = new BigInteger(1, keyBytes);
     return key.compareTo(BigInteger.ONE) >= 0 && key.compareTo(SM2_N) < 0;
diff --git a/framework/src/main/java/org/tron/core/services/http/ScanShieldedTRC20NotesByIvkServlet.java b/framework/src/main/java/org/tron/core/services/http/ScanShieldedTRC20NotesByIvkServlet.java
@@ -53,6 +53,9 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
               ivkDecryptTRC20Parameters.getAk().toByteArray(),
               ivkDecryptTRC20Parameters.getNk().toByteArray());
       response.getWriter().println(convertOutput(notes, params.isVisible()));
+    } catch (IllegalArgumentException e) {
+      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+      Util.processError(e, response);
     } catch (Exception e) {
       Util.processError(e, response);
     }
@@ -82,6 +85,9 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) {
               ByteArray.fromHexString(contractAddress), ByteArray.fromHexString(ivk),
               ByteArray.fromHexString(ak), ByteArray.fromHexString(nk));
       response.getWriter().println(convertOutput(notes, visible));
+    } catch (IllegalArgumentException e) {
+      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+      Util.processError(e, response);
     } catch (Exception e) {
       Util.processError(e, response);
     }
diff --git a/framework/src/main/java/org/tron/core/services/http/ScanShieldedTRC20NotesByOvkServlet.java b/framework/src/main/java/org/tron/core/services/http/ScanShieldedTRC20NotesByOvkServlet.java
@@ -35,6 +35,9 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
               ovkDecryptTRC20Parameters.getShieldedTRC20ContractAddress().toByteArray());
       response.getWriter()
           .println(ScanShieldedTRC20NotesByIvkServlet.convertOutput(notes, params.isVisible()));
+    } catch (IllegalArgumentException e) {
+      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+      Util.processError(e, response);
     } catch (Exception e) {
       Util.processError(e, response);
     }
@@ -60,6 +63,9 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) {
 
       response.getWriter()
           .println(ScanShieldedTRC20NotesByIvkServlet.convertOutput(notes, visible));
+    } catch (IllegalArgumentException e) {
+      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+      Util.processError(e, response);
     } catch (Exception e) {
       Util.processError(e, response);
     }
