From b6dfd9ef5422d80177b622fc2c486de00fcc0f73 Mon Sep 17 00:00:00 2001
From: Alex Beregszaszi <alex@rtfs.hu>
Date: Wed, 28 Feb 2018 16:57:35 +0100
Subject: Ensure that library addresses supplied are of correct length and hex
 prefixed in JSONIO

---
 libsolidity/interface/StandardCompiler.cpp | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

(limited to 'libsolidity')

diff --git a/libsolidity/interface/StandardCompiler.cpp b/libsolidity/interface/StandardCompiler.cpp
index 8c64c164..91fe72ae 100644
--- a/libsolidity/interface/StandardCompiler.cpp
+++ b/libsolidity/interface/StandardCompiler.cpp
@@ -27,6 +27,8 @@
 #include <libdevcore/JSON.h>
 #include <libdevcore/SHA3.h>
 
+#include <boost/algorithm/string.hpp>
+
 using namespace std;
 using namespace dev;
 using namespace dev::solidity;
@@ -337,16 +339,30 @@ Json::Value StandardCompiler::compileInternal(Json::Value const& _input)
 			return formatFatalError("JSONError", "library entry is not a JSON object.");
 		for (auto const& library: jsonSourceName.getMemberNames())
 		{
+			string address = jsonSourceName[library].asString();
+
+			if (!boost::starts_with(address, "0x"))
+				return formatFatalError(
+					"JSONError",
+					"Library address is not prefixed with \"0x\"."
+				);
+
+			if (address.length() != 42)
+				return formatFatalError(
+					"JSONError",
+					"Library address is of invalid length."
+				);
+
 			try
 			{
 				// @TODO use libraries only for the given source
-				libraries[library] = h160(jsonSourceName[library].asString());
+				libraries[library] = h160(address);
 			}
 			catch (dev::BadHexCharacter)
 			{
 				return formatFatalError(
 					"JSONError",
-					"Invalid library address (\"" + jsonSourceName[library].asString() + "\") supplied."
+					"Invalid library address (\"" + address + "\") supplied."
 				);
 			}
 		}
-- 
cgit v1.2.3