CodeBug : should compare return value from memcmp with zero. #3090

issue imzhuli opened this issue on October 15, 2013
  1. imzhuli commented at 9:31 AM on October 15, 2013: none

    src/key.h: 207 friend bool operator==(const CKey &a, const CKey &b) { 208 return a.fCompressed == b.fCompressed && memcmp(&a.vch[0], &b.vch[0], 32); 209 }

    should compare return value from memcmp with zero.

    what's more, to be accurate , this function should return true only when both keys are valid.

  2. laanwj commented at 9:43 AM on October 15, 2013: member

    Indeed, this should clearly be !memcmp(...). That's quite a sneaky bug.

    Phew, luckily the key == functions are not used anywhere. I made CKey:==, CExtPubKey:== and CExtKey:== private and everything still compiles.

    Not meant as excuse not to fix this, but at least there's no security problem with the current releases.

  3. imzhuli commented at 10:12 AM on October 15, 2013: none

    ^ ^ , I saw many many unused codes in bitcoind, I am rewriting a c++11 version without boost & jsonspirit. hope I can help.

  4. gavinandresen closed this on Oct 30, 2013
  5. MathyV referenced this in commit 06c0e09875 on Jul 31, 2014
  6. MathyV referenced this in commit 24c6945cd1 on Aug 1, 2014
  7. MathyV referenced this in commit 5483be57a0 on Aug 3, 2014
  8. MathyV referenced this in commit 2fa4faddbc on Aug 5, 2014
  9. DrahtBot locked this on Sep 8, 2021
Contributors
imzhulilaanwj
Labels
Bug
Linked (view graph)
#3176 fix wrong memcmp() usage in CKey::operator==
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-21 21:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me