From 3465f540e3eaedccb5309711b502f0febf56b52f Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Tue, 17 Mar 2026 17:11:10 -0500
Subject: nip44: reject non-canonical extended prefix in unpad() pseudocode

When the 6-byte extended prefix sentinel is detected, validate that
the decoded length is >= extended_prefix_threshold (65536). Without
this, the same plaintext could be encoded with either prefix format,
breaking strict canonicalization.
---
 44.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/44.md b/44.md
index fcf6009..47b8990 100644
--- a/44.md
+++ b/44.md
@@ -215,6 +215,7 @@ def unpad(padded):
   first_two = read_uint16_be(padded[0:2])
   if first_two == 0:
     unpadded_len = read_uint32_be(padded[2:6])
+    if unpadded_len < c.extended_prefix_threshold: raise Exception('invalid padding')
     prefix_len = 6
   else:
     unpadded_len = first_two
-- 
cgit v1.2.3