From 48b55eed468d9515e82518ebb31d5c41fc1080a4 Mon Sep 17 00:00:00 2001
From: Mononaut <github@monospace.live>
Date: Sun, 23 Jul 2023 13:55:52 +0900
Subject: [PATCH] improve script hex parsing validation

---
 frontend/src/app/bitcoin.utils.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/frontend/src/app/bitcoin.utils.ts b/frontend/src/app/bitcoin.utils.ts
index 7ff0d9570..c4af730f6 100644
--- a/frontend/src/app/bitcoin.utils.ts
+++ b/frontend/src/app/bitcoin.utils.ts
@@ -283,7 +283,10 @@ export function isFeatureActive(network: string, height: number, feature: 'rbf'
 }
 
 export async function calcScriptHash$(script: string): Promise<string> {
-  const buf = Uint8Array.from(script.match(/.{1,2}/g).map((byte) => parseInt(byte, 16)));
+  if (!/^[0-9a-fA-F]*$/.test(script) || script.length % 2 !== 0) {
+    throw new Error('script is not a valid hex string');
+  }
+  const buf = Uint8Array.from(script.match(/.{2}/g).map((byte) => parseInt(byte, 16)));
   const hashBuffer = await crypto.subtle.digest('SHA-256', buf);
   const hashArray = Array.from(new Uint8Array(hashBuffer));
   return hashArray