feat: check max script sig push

Author: ChrisCho-H

src/util.rs

@@ -2,6 +2,7 @@
 
 use core::convert::TryFrom;
 
+use bitcoin::constants::MAX_SCRIPT_ELEMENT_SIZE;
 use bitcoin::hashes::Hash;
 use bitcoin::script::{self, PushBytes, ScriptBuf};
 use bitcoin::PubkeyHash;
@@ -49,12 +50,16 @@ pub(crate) fn witness_size<T: ItemSize>(wit: &[T]) -> usize {
 
 pub(crate) fn witness_to_scriptsig(witness: &[Vec<u8>]) -> ScriptBuf {
     let mut b = script::Builder::new();
-    for wit in witness {
+    for (i, wit) in witness.iter().enumerate() {
         if let Ok(n) = script::read_scriptint(wit) {
             b = b.push_int(n);
         } else {
-            let push = <&PushBytes>::try_from(wit.as_slice())
-                .expect("All pushes in miniscript are <73 bytes");
+            if i != witness.len() - 1 {
+                assert!(wit.len() < 73, "All pushes in miniscript are < 73 bytes");
+            } else {
+                assert!(wit.len() <= MAX_SCRIPT_ELEMENT_SIZE, "P2SH redeem script is <= 520 bytes");
+            }
+            let push = <&PushBytes>::try_from(wit.as_slice()).expect("checked above");
             b = b.push_slice(push)
         }
     }