From f9186d785aac71b0fe9e771f0e6a05872ed17eda Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey <chjjeffrey@gmail.com>
Date: Wed, 9 Dec 2015 14:35:47 -0800
Subject: [PATCH] ensure p2sh inputs have only push ops (do the same for raw
 multisig?).

---
 lib/bcoin/tx.js | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/bcoin/tx.js b/lib/bcoin/tx.js
index f0149c61..86c5eb68 100644
--- a/lib/bcoin/tx.js
+++ b/lib/bcoin/tx.js
@@ -432,8 +432,17 @@ TX.prototype.verify = function verify(index, force) {
     assert(input.out.tx.outputs.length > input.out.index);
 
     var stack = [];
-    bcoin.script.execute(input.script, stack, this, i);
     var prev = input.out.tx.outputs[input.out.index].script;
+
+    if (bcoin.script.isScripthash(prev)) {
+      // p2sh transactions cannot have anything
+      // other than pushdata ops in the scriptSig
+      var push = !input.script.slice(1).every(Array.isArray);
+      if (push)
+        return false;
+    }
+
+    bcoin.script.execute(input.script, stack, this, i);
     var res = bcoin.script.execute(prev, stack, this, i);
     if (!res)
       return false;