Merge pull request #8083

e8e507f rpc: fix DoS vector in get_output_distribution (moneromooo-monero)
This commit is contained in:
luigi1111 2021-11-26 23:05:31 -06:00
commit 105e2304a2
No known key found for this signature in database
GPG key ID: F4ACA0183641E010

View file

@ -3201,6 +3201,14 @@ namespace cryptonote
if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_OUTPUT_DISTRIBUTION>(invoke_http_mode::JON_RPC, "get_output_distribution", req, res, r)) if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_OUTPUT_DISTRIBUTION>(invoke_http_mode::JON_RPC, "get_output_distribution", req, res, r))
return r; return r;
const bool restricted = m_restricted && ctx;
if (restricted && req.amounts != std::vector<uint64_t>(1, 0))
{
error_resp.code = CORE_RPC_ERROR_CODE_RESTRICTED;
error_resp.message = "Restricted RPC can only get output distribution for rct outputs. Use your own node.";
return false;
}
size_t n_0 = 0, n_non0 = 0; size_t n_0 = 0, n_non0 = 0;
for (uint64_t amount: req.amounts) for (uint64_t amount: req.amounts)
if (amount) ++n_non0; else ++n_0; if (amount) ++n_non0; else ++n_0;
@ -3242,6 +3250,13 @@ namespace cryptonote
if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_OUTPUT_DISTRIBUTION>(invoke_http_mode::BIN, "/get_output_distribution.bin", req, res, r)) if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_OUTPUT_DISTRIBUTION>(invoke_http_mode::BIN, "/get_output_distribution.bin", req, res, r))
return r; return r;
const bool restricted = m_restricted && ctx;
if (restricted && req.amounts != std::vector<uint64_t>(1, 0))
{
res.status = "Restricted RPC can only get output distribution for rct outputs. Use your own node.";
return false;
}
size_t n_0 = 0, n_non0 = 0; size_t n_0 = 0, n_non0 = 0;
for (uint64_t amount: req.amounts) for (uint64_t amount: req.amounts)
if (amount) ++n_non0; else ++n_0; if (amount) ++n_non0; else ++n_0;