From 2499b1b139d82f2f266ce9c79aebca1568396a51 Mon Sep 17 00:00:00 2001
From: Felix Lange <fjl@users.noreply.github.com>
Date: Mon, 11 Dec 2017 22:47:10 +0100
Subject: [PATCH] rlp: fix string size check in readKind (#15625)

Issue found by @guidovranken
---
 rlp/raw.go      | 2 +-
 rlp/raw_test.go | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/rlp/raw.go b/rlp/raw.go
index 6bf1c1df8..2b3f328f6 100644
--- a/rlp/raw.go
+++ b/rlp/raw.go
@@ -98,7 +98,7 @@ func readKind(buf []byte) (k Kind, tagsize, contentsize uint64, err error) {
 		tagsize = 1
 		contentsize = uint64(b - 0x80)
 		// Reject strings that should've been single bytes.
-		if contentsize == 1 && buf[1] < 128 {
+		if contentsize == 1 && len(buf) > 1 && buf[1] < 128 {
 			return 0, 0, 0, ErrCanonSize
 		}
 	case b < 0xC0:
diff --git a/rlp/raw_test.go b/rlp/raw_test.go
index bac09d8d4..2aad04210 100644
--- a/rlp/raw_test.go
+++ b/rlp/raw_test.go
@@ -96,6 +96,7 @@ func TestSplit(t *testing.T) {
 		{input: "F90055", err: ErrCanonSize, rest: "F90055"},
 		{input: "FA0002FFFF", err: ErrCanonSize, rest: "FA0002FFFF"},
 
+		{input: "81", err: ErrValueTooLarge, rest: "81"},
 		{input: "8501010101", err: ErrValueTooLarge, rest: "8501010101"},
 		{input: "C60607080902", err: ErrValueTooLarge, rest: "C60607080902"},
 
-- 
GitLab