From 03e42d2e3866f01a00625f608e3bbfaeb30690de Mon Sep 17 00:00:00 2001
From: Jae Kwon
Date: Mon, 5 Nov 2018 22:53:44 -0800
Subject: [PATCH] =?UTF-8?q?Fix=20crypto/merkle=20ProofOperators.Verify=20t?= =?UTF-8?q?o=20check=20bounds=20on=20keypath=20pa=E2=80=A6=20(#2756)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Fix crypto/merkle ProofOperators.Verify to check bounds on keypath parts.
* Update PENDING
---
 CHANGELOG_PENDING.md | 2 ++
 crypto/merkle/proof.go | 3 +++
 crypto/merkle/proof_test.go | 4 ++++
 3 files changed, 9 insertions(+)
diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md
index ea0a666b..68a55039 100644
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -25,4 +25,6 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 ### IMPROVEMENTS:
 ### BUG FIXES:
+
+- [crypto/merkle] [\#2756](https://github.com/tendermint/tendermint/issues/2756) Fix crypto/merkle ProofOperators.Verify to check bounds on keypath parts.
 - [mempool] fix a bug where we create a WAL despite `wal_dir` being empty
diff --git a/crypto/merkle/proof.go b/crypto/merkle/proof.go
index 5705c96b..8f8b460c 100644
--- a/crypto/merkle/proof.go
+++ b/crypto/merkle/proof.go
@@ -43,6 +43,9 @@ func (poz ProofOperators) Verify(root []byte, keypath string, args [][]byte) (er
 for i, op := range poz {
 key := op.GetKey()
 if len(key) != 0 {
+ if len(keys) == 0 {
+ return cmn.NewError("Key path has insufficient # of parts: expected no more keys but got %+v", string(key))
+ }
 lastKey := keys[len(keys)-1]
 if !bytes.Equal(lastKey, key) {
 return cmn.NewError("Key mismatch on operation #%d: expected %+v but got %+v", i, string(lastKey), string(key))
diff --git a/crypto/merkle/proof_test.go b/crypto/merkle/proof_test.go
index cc208e9a..320b9188 100644
--- a/crypto/merkle/proof_test.go
+++ b/crypto/merkle/proof_test.go
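Review bot: In crypto/merkle/proof.go, the new "insufficient # of parts" error in ProofOperators.Verify prints the operator key with `%+v` on `string(key)` and leaves out the operation index that the neighbouring "Key mismatch on operation #%d" error reports. The key is read from the proof operator, which is presumably supplied by whoever produced the proof, so raw bytes can carry control characters into logs; `%q` (or hex) keeps the message on one line and unambiguous. I would write `return cmn.NewError("Key path has insufficient # of parts: operation #%d expected no more keys but got %q", i, string(key))` and put a one-line comment above the guard, `// Guard keys[len(keys)-1] below: more keyed operators than keypath parts must fail, not panic.` Verify's body starts and ends outside this hunk, so whether leftover keypath parts are rejected after the loop cannot be checked from here.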
@@ -107,6 +107,10 @@ func TestProofOperators(t *testing.T) {
 err = popz.Verify(bz("OUTPUT4"), "//KEY4/KEY2/KEY1", [][]byte{bz("INPUT1")})
 assert.NotNil(t, err)
+ // BAD KEY 5
+ err = popz.Verify(bz("OUTPUT4"), "/KEY2/KEY1", [][]byte{bz("INPUT1")})
+ assert.NotNil(t, err)
+
 // BAD OUTPUT 1
 err = popz.Verify(bz("OUTPUT4_WRONG"), "/KEY4/KEY2/KEY1", [][]byte{bz("INPUT1")})
 assert.NotNil(t, err)
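Review bot: The new "BAD KEY 5" case in TestProofOperators asserts only `assert.NotNil(t, err)`, so it passes on any failure and would not notice if the short keypath were rejected for some reason other than the new bounds check. Pinning the message, e.g. `assert.Contains(t, err.Error(), "insufficient # of parts")` (assuming the cmn error's Error() includes the formatted text), ties the case to the guard it is meant to cover. The comment could also say what is wrong with the path, which appears to be a missing leading part: `// BAD KEY 5: keypath has fewer parts than the proof has keyed operators`. The test function continues outside the hunk.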