From 3b0b9819cb0b73e3f99d18f36711b966c48443f5 Mon Sep 17 00:00:00 2001
From: Linzy Hu <linzy.hu@gmail.com>
Date: Tue, 15 Oct 2019 16:59:32 +0800
Subject: [PATCH] check whether account number is a valid base58 string

---
 account/account.go      | 3 +++
 account/account_test.go | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/account/account.go b/account/account.go
index 3e18c4f..937229d 100644
--- a/account/account.go
+++ b/account/account.go
@@ -460,6 +460,9 @@ func Verify(accountNumber string, message, signature []byte) error {
 
 func extractAuthPublicKey(accountNumber string) (publicKey []byte, err error) {
 	accountNumberBytes := encoding.FromBase58(accountNumber)
+	if len(accountNumberBytes) == 0 {
+		return nil, errors.New("invalid base58 string")
+	}
 
 	variantAndPubkey := accountNumberBytes[:len(accountNumberBytes)-ChecksumLength]
 	computedChecksum := sha3.Sum256(variantAndPubkey)
diff --git a/account/account_test.go b/account/account_test.go
index aa64de1..81c04d3 100644
--- a/account/account_test.go
+++ b/account/account_test.go
@@ -258,6 +258,9 @@ func TestValidateAccountNumber(t *testing.T) {
 
 	err = ValidateAccountNumber(livenetDeprecatedAccount.accountNumber)
 	assert.NoError(t, err)
+
+	err = ValidateAccountNumber("IOl")
+	assert.Error(t, err, "invalid base58 string")
 }
 
 func TestRecoverV1Account(t *testing.T) {