From 30c9e79de32e529e9b87b836a1bc808e6dbbc646 Mon Sep 17 00:00:00 2001
From: Ian Coleman <coleman.ian@gmail.com>
Date: Mon, 15 Aug 2016 16:03:01 +1000
Subject: [PATCH] Derivation Path errors are detected.

---
 bip39-standalone.html | 34 +++++++++++++++++++++++++++++++++-
 src/js/index.js       | 34 +++++++++++++++++++++++++++++++++-
 2 files changed, 66 insertions(+), 2 deletions(-)

diff --git a/bip39-standalone.html b/bip39-standalone.html
index 9d975eb..dfeaa65 100644
--- a/bip39-standalone.html
+++ b/bip39-standalone.html
@@ -14838,7 +14838,39 @@ var Mnemonic = function(language) {
     }
 
     function findDerivationPathErrors(path) {
-        // TODO
+        // TODO is not perfect but is better than nothing
+        // Inspired by
+        // https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#test-vectors
+        // and
+        // https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#extended-keys
+        var maxDepth = 255; // TODO verify this!!
+        var maxIndexValue = Math.pow(2, 31); // TODO verify this!!
+        if (path[0] != "m") {
+            return "First character must be 'm'";
+        }
+        if (path.length > 1) {
+            if (path[1] != "/") {
+                return "Separator must be '/'";
+            }
+            var indexes = path.split("/");
+            if (indexes.length > maxDepth) {
+                return "Derivation depth is " + indexes.length + ", must be less than " + maxDepth;
+            }
+            for (var depth = 1; depth<indexes.length; depth++) {
+                var index = indexes[depth];
+                var invalidChars = index.replace(/^[0-9]+'?$/g, "")
+                if (invalidChars.length > 0) {
+                    return "Invalid characters " + invalidChars + " found at depth " + depth;
+                }
+                var indexValue = parseInt(index.replace("'", ""));
+                if (isNaN(depth)) {
+                    return "Invalid number at depth " + depth;
+                }
+                if (indexValue > maxIndexValue) {
+                    return "Value of " + indexValue + " at depth " + depth + " must be less than " + maxIndexValue;
+                }
+            }
+        }
         return false;
     }
 
diff --git a/src/js/index.js b/src/js/index.js
index f131e01..6f0da65 100644
--- a/src/js/index.js
+++ b/src/js/index.js
@@ -232,7 +232,39 @@
     }
 
     function findDerivationPathErrors(path) {
-        // TODO
+        // TODO is not perfect but is better than nothing
+        // Inspired by
+        // https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#test-vectors
+        // and
+        // https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#extended-keys
+        var maxDepth = 255; // TODO verify this!!
+        var maxIndexValue = Math.pow(2, 31); // TODO verify this!!
+        if (path[0] != "m") {
+            return "First character must be 'm'";
+        }
+        if (path.length > 1) {
+            if (path[1] != "/") {
+                return "Separator must be '/'";
+            }
+            var indexes = path.split("/");
+            if (indexes.length > maxDepth) {
+                return "Derivation depth is " + indexes.length + ", must be less than " + maxDepth;
+            }
+            for (var depth = 1; depth<indexes.length; depth++) {
+                var index = indexes[depth];
+                var invalidChars = index.replace(/^[0-9]+'?$/g, "")
+                if (invalidChars.length > 0) {
+                    return "Invalid characters " + invalidChars + " found at depth " + depth;
+                }
+                var indexValue = parseInt(index.replace("'", ""));
+                if (isNaN(depth)) {
+                    return "Invalid number at depth " + depth;
+                }
+                if (indexValue > maxIndexValue) {
+                    return "Value of " + indexValue + " at depth " + depth + " must be less than " + maxIndexValue;
+                }
+            }
+        }
         return false;
     }
 
-- 
2.41.0