Skip to content

fix(ecdsa): narrow hex char validation in Signature::from_str#1253

Closed
PrarthanaPurohit wants to merge 3 commits intoRustCrypto:masterfrom
PrarthanaPurohit:fix/ecdsa-fromstr-hex-validation
Closed

fix(ecdsa): narrow hex char validation in Signature::from_str#1253
PrarthanaPurohit wants to merge 3 commits intoRustCrypto:masterfrom
PrarthanaPurohit:fix/ecdsa-fromstr-hex-validation

Conversation

@PrarthanaPurohit
Copy link

@PrarthanaPurohit PrarthanaPurohit commented Mar 15, 2026

The Issue:
The original code was validating hex strings with an incorrect pattern:

.all(|&byte| matches!(byte, b'0'..=b'9' | b'a'..=b'z' | b'A'..=b'Z'))

This was checking for:

  • Digits: 0-9
  • Lowercase letters: a-z ✗ (should be only a-f)
  • Uppercase letters: A-Z ✗ (should be only A-F)

The Problem:
The validation was accepting invalid hexadecimal characters like g-z and G-Z, which would cause parsing errors later when trying to convert the string to a signature.

The Fix:
Changed to the correct hex validation pattern:

.all(|&byte| matches!(byte, b'0'..=b'9' | b'a'..=b'f' | b'A'..=b'F'))

Now it properly validates only valid hexadecimal characters (0-9, a-f, A-F), preventing invalid input from passing the initial check and ensuring the from_str implementation correctly rejects non-hex strings early.

@newpavlov
Copy link
Member

newpavlov commented Mar 16, 2026

Closing in favor of #1255.

@newpavlov newpavlov closed this Mar 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@PrarthanaPurohit @newpavlov