Merge #743: feat: actually check push data bytes

e2e9281 feat: check max script sig push (ChrisCho-H)

Pull request description:

  Miniscript witness item can be maximum 72 bytes(except length prefix), but it only throws error when it's >= 4294967296 bytes as only dependant on `PushBytesError` from bitcoin crate.  I've changed the logic to check the maximum length internally so that actual check can be done.

ACKs for top commit:
  apoelstra:
    ACK e2e9281 successfully ran local tests; thanks for iterating!

Tree-SHA512: 7b75bc3c72c29377d0f188d6d3826f740554075b5cdc73e2a7addb1b41bf74b695cc2f97a4c025dea4176f90b0eef54577a94a032c80ec5e9bdbcb23ef98493e

Author: apoelstra

src/util.rs

@@ -2,6 +2,7 @@
 
 use core::convert::TryFrom;
 
+use bitcoin::constants::MAX_SCRIPT_ELEMENT_SIZE;
 use bitcoin::hashes::Hash;
 use bitcoin::script::{self, PushBytes, ScriptBuf};
 use bitcoin::PubkeyHash;
@@ -49,12 +50,16 @@ pub(crate) fn witness_size<T: ItemSize>(wit: &[T]) -> usize {
 
 pub(crate) fn witness_to_scriptsig(witness: &[Vec<u8>]) -> ScriptBuf {
     let mut b = script::Builder::new();
-    for wit in witness {
+    for (i, wit) in witness.iter().enumerate() {
         if let Ok(n) = script::read_scriptint(wit) {
             b = b.push_int(n);
         } else {
-            let push = <&PushBytes>::try_from(wit.as_slice())
-                .expect("All pushes in miniscript are <73 bytes");
+            if i != witness.len() - 1 {
+                assert!(wit.len() < 73, "All pushes in miniscript are < 73 bytes");
+            } else {
+                assert!(wit.len() <= MAX_SCRIPT_ELEMENT_SIZE, "P2SH redeem script is <= 520 bytes");
+            }
+            let push = <&PushBytes>::try_from(wit.as_slice()).expect("checked above");
             b = b.push_slice(push)
         }
     }