From 27c9bff17ef19896268c8a1b2c36b4bece582104 Mon Sep 17 00:00:00 2001
From: OutCast3k
Date: Tue, 9 Feb 2016 23:27:34 +0000
Subject: [PATCH] add extra validation to prevent invalid public keys being used. (as per issue 39)
---
 js/coin.js | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/js/coin.js b/js/coin.js
index 06d5781..216a395 100644
--- a/js/coin.js
+++ b/js/coin.js
@@ -278,20 +278,23 @@
 /* decompress an compressed public key */
 coinjs.pubkeydecompress = function(pubkey) {
- var curve = EllipticCurve.getSECCurveByName("secp256k1");
- try {
- var pt = curve.curve.decodePointHex(pubkey);
- var x = pt.getX().toBigInteger();
- var y = pt.getY().toBigInteger();
+ if((typeof(pubkey) == 'string') && pubkey.match(/^[a-f0-9]+$/i)){
+ var curve = EllipticCurve.getSECCurveByName("secp256k1");
+ try {
+ var pt = curve.curve.decodePointHex(pubkey);
+ var x = pt.getX().toBigInteger();
+ var y = pt.getY().toBigInteger();
- var publicKeyBytes = EllipticCurve.integerToBytes(x, 32);
- publicKeyBytes = publicKeyBytes.concat(EllipticCurve.integerToBytes(y,32));
- publicKeyBytes.unshift(0x04);
- return Crypto.util.bytesToHex(publicKeyBytes);
- } catch (e) {
- // console.log(e);
- return false;
+ var publicKeyBytes = EllipticCurve.integerToBytes(x, 32);
+ publicKeyBytes = publicKeyBytes.concat(EllipticCurve.integerToBytes(y,32));
+ publicKeyBytes.unshift(0x04);
+ return Crypto.util.bytesToHex(publicKeyBytes);
+ } catch (e) {
+ // console.log(e);
+ return false;
+ }
 }
+ return false;
 }
 coinjs.testdeterministicK = function() {
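Review bot: The new guard in `coinjs.pubkeydecompress` checks only that `pubkey` is made of hex characters, so odd-length input, the wrong length and any prefix byte still reach `decodePointHex`, and rejection then depends on that call throwing inside the `try`. Since the function is documented as taking a compressed key, the check could pin the encoding itself: `if (typeof pubkey === 'string' && /^0[23][0-9a-f]{64}$/i.test(pubkey)) {`. If callers also pass 04-prefixed keys this would need a second branch, and `decodePointHex` is not visible here, so whether it verifies that the decoded point lies on secp256k1 should be confirmed before treating it as the validity check.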