From 44c46c8b67144e985655696bc7235a3f94cf20ed Mon Sep 17 00:00:00 2001
From: Taylor Hornby
Date: Tue, 17 Dec 2019 13:31:27 -0700
Subject: [PATCH] Make it more clear to auditors that security-critical regexp can't match strings with newlines
---
 frontend/service.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frontend/service.go b/frontend/service.go
index 66d70500..b29a7746 100644
--- a/frontend/service.go
+++ b/frontend/service.go
@@ -56,7 +56,7 @@ func (s *SqlStreamer) GetAddressTxids(addressBlockFilter *walletrpc.TransparentA
 var errCode int64
 // Test to make sure Address is a single t address
- match, err := regexp.Match("^t[a-zA-Z0-9]{34}$", []byte(addressBlockFilter.Address))
+ match, err := regexp.Match("\\At[a-zA-Z0-9]{34}\\z", []byte(addressBlockFilter.Address))
 if err != nil || !match {
 s.log.Errorf("Unrecognized address: %s", addressBlockFilter.Address)
 return nil
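Review bot: The rejection branch still logs the unvalidated `addressBlockFilter.Address` with `%s`, so an address that fails this check because it contains newlines or control characters is written to the log verbatim. Unless the logger behind `s.log` escapes its output (not visible here), `s.log.Errorf("Unrecognized address: %q", addressBlockFilter.Address)` would keep each rejected request on a single, unambiguous log line. On the changed line, a raw string literal would drop the doubled backslashes and make the anchors easier to audit, e.g. ``regexp.MatchString(`\At[a-zA-Z0-9]{34}\z`, addressBlockFilter.Address)``, ideally with the pattern compiled once at package level via `regexp.MustCompile`. A one-line comment noting that Go's `^` and `$` match only at the ends of the text unless the `m` flag is set would record that the change preserves behaviour. The function body starts and ends outside the hunk.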