From 74b9cbaa788d5dcdacb035dd9392b88adc6cb467 Mon Sep 17 00:00:00 2001
From: Aditya Kulkarni <adityapk@gmail.com>
Date: Wed, 4 Dec 2019 14:02:21 -0800
Subject: [PATCH] Validate input t-address

---
 frontend/service.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/frontend/service.go b/frontend/service.go
index 2c9e3f2c..50240ad9 100644
--- a/frontend/service.go
+++ b/frontend/service.go
@@ -5,6 +5,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"errors"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -47,6 +48,13 @@ func (s *LwdStreamer) GetLatestBlock(ctx context.Context, placeholder *walletrpc
 }
 
 func (s *LwdStreamer) GetAddressTxids(addressBlockFilter *walletrpc.TransparentAddressBlockFilter, resp walletrpc.CompactTxStreamer_GetAddressTxidsServer) error {
+	// Test to make sure Address is a single t address
+	match, err := regexp.Match("\\At[a-zA-Z0-9]{34}\\z", []byte(addressBlockFilter.Address))
+	if err != nil || !match {
+		s.log.Errorf("Unrecognized address: %s", addressBlockFilter.Address)
+		return nil
+	}
+
 	params := make([]json.RawMessage, 1)
 	st := "{\"addresses\": [\"" + addressBlockFilter.Address + "\"]," +
 		"\"start\": " + strconv.FormatUint(addressBlockFilter.Range.Start.Height, 10) +
@@ -56,8 +64,6 @@ func (s *LwdStreamer) GetAddressTxids(addressBlockFilter *walletrpc.TransparentA
 
 	result, rpcErr := s.client.RawRequest("getaddresstxids", params)
 
-	var err error
-
 	// For some reason, the error responses are not JSON
 	if rpcErr != nil {
 		s.log.Errorf("Got error: %s", rpcErr.Error())