Merge pull request #1732

83ec209f simplewallet: validate hex input size (moneromooo-monero)
This commit is contained in:
Riccardo Spagni 2017-02-21 00:51:46 +02:00
commit ba633d33a8
No known key found for this signature in database
GPG key ID: 55432DF31CCD4FCD
5 changed files with 21 additions and 21 deletions

View file

@ -997,7 +997,7 @@ bool simple_wallet::init(const boost::program_options::variables_map& vm)
return false; return false;
} }
cryptonote::blobdata viewkey_data; cryptonote::blobdata viewkey_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(viewkey_string, viewkey_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(viewkey_string, viewkey_data) || viewkey_data.size() != sizeof(crypto::secret_key))
{ {
fail_msg_writer() << tr("failed to parse view key secret key"); fail_msg_writer() << tr("failed to parse view key secret key");
return false; return false;
@ -1049,7 +1049,7 @@ bool simple_wallet::init(const boost::program_options::variables_map& vm)
return false; return false;
} }
cryptonote::blobdata spendkey_data; cryptonote::blobdata spendkey_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(spendkey_string, spendkey_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(spendkey_string, spendkey_data) || spendkey_data.size() != sizeof(crypto::secret_key))
{ {
fail_msg_writer() << tr("failed to parse spend key secret key"); fail_msg_writer() << tr("failed to parse spend key secret key");
return false; return false;
@ -1065,7 +1065,7 @@ bool simple_wallet::init(const boost::program_options::variables_map& vm)
return false; return false;
} }
cryptonote::blobdata viewkey_data; cryptonote::blobdata viewkey_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(viewkey_string, viewkey_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(viewkey_string, viewkey_data) || viewkey_data.size() != sizeof(crypto::secret_key))
{ {
fail_msg_writer() << tr("failed to parse view key secret key"); fail_msg_writer() << tr("failed to parse view key secret key");
return false; return false;
@ -3166,7 +3166,7 @@ bool simple_wallet::get_tx_key(const std::vector<std::string> &args_)
if (m_wallet->ask_password() && !get_and_verify_password()) { return true; } if (m_wallet->ask_password() && !get_and_verify_password()) { return true; }
cryptonote::blobdata txid_data; cryptonote::blobdata txid_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(local_args.front(), txid_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(local_args.front(), txid_data) || txid_data.size() != sizeof(crypto::hash))
{ {
fail_msg_writer() << tr("failed to parse txid"); fail_msg_writer() << tr("failed to parse txid");
return false; return false;
@ -3203,7 +3203,7 @@ bool simple_wallet::check_tx_key(const std::vector<std::string> &args_)
assert(m_wallet); assert(m_wallet);
cryptonote::blobdata txid_data; cryptonote::blobdata txid_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(local_args[0], txid_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(local_args[0], txid_data) || txid_data.size() != sizeof(crypto::hash))
{ {
fail_msg_writer() << tr("failed to parse txid"); fail_msg_writer() << tr("failed to parse txid");
return true; return true;
@ -3219,7 +3219,7 @@ bool simple_wallet::check_tx_key(const std::vector<std::string> &args_)
} }
crypto::secret_key tx_key; crypto::secret_key tx_key;
cryptonote::blobdata tx_key_data; cryptonote::blobdata tx_key_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(local_args[1], tx_key_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(local_args[1], tx_key_data) || tx_key_data.size() != sizeof(crypto::secret_key))
{ {
fail_msg_writer() << tr("failed to parse tx key"); fail_msg_writer() << tr("failed to parse tx key");
return true; return true;
@ -3851,7 +3851,7 @@ bool simple_wallet::set_tx_note(const std::vector<std::string> &args)
} }
cryptonote::blobdata txid_data; cryptonote::blobdata txid_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(args.front(), txid_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(args.front(), txid_data) || txid_data.size() != sizeof(crypto::hash))
{ {
fail_msg_writer() << tr("failed to parse txid"); fail_msg_writer() << tr("failed to parse txid");
return false; return false;
@ -3879,7 +3879,7 @@ bool simple_wallet::get_tx_note(const std::vector<std::string> &args)
} }
cryptonote::blobdata txid_data; cryptonote::blobdata txid_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(args.front(), txid_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(args.front(), txid_data) || txid_data.size() != sizeof(crypto::hash))
{ {
fail_msg_writer() << tr("failed to parse txid"); fail_msg_writer() << tr("failed to parse txid");
return false; return false;
@ -4179,7 +4179,7 @@ bool simple_wallet::show_transfer(const std::vector<std::string> &args)
} }
cryptonote::blobdata txid_data; cryptonote::blobdata txid_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(args.front(), txid_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(args.front(), txid_data) || txid_data.size() != sizeof(crypto::hash))
{ {
fail_msg_writer() << tr("failed to parse txid"); fail_msg_writer() << tr("failed to parse txid");
return false; return false;

View file

@ -1157,7 +1157,7 @@ void WalletImpl::setDefaultMixin(uint32_t arg)
bool WalletImpl::setUserNote(const std::string &txid, const std::string &note) bool WalletImpl::setUserNote(const std::string &txid, const std::string &note)
{ {
cryptonote::blobdata txid_data; cryptonote::blobdata txid_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data) || txid_data.size() != sizeof(crypto::hash))
return false; return false;
const crypto::hash htxid = *reinterpret_cast<const crypto::hash*>(txid_data.data()); const crypto::hash htxid = *reinterpret_cast<const crypto::hash*>(txid_data.data());
@ -1168,7 +1168,7 @@ bool WalletImpl::setUserNote(const std::string &txid, const std::string &note)
std::string WalletImpl::getUserNote(const std::string &txid) const std::string WalletImpl::getUserNote(const std::string &txid) const
{ {
cryptonote::blobdata txid_data; cryptonote::blobdata txid_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data) || txid_data.size() != sizeof(crypto::hash))
return ""; return "";
const crypto::hash htxid = *reinterpret_cast<const crypto::hash*>(txid_data.data()); const crypto::hash htxid = *reinterpret_cast<const crypto::hash*>(txid_data.data());
@ -1178,7 +1178,7 @@ std::string WalletImpl::getUserNote(const std::string &txid) const
std::string WalletImpl::getTxKey(const std::string &txid) const std::string WalletImpl::getTxKey(const std::string &txid) const
{ {
cryptonote::blobdata txid_data; cryptonote::blobdata txid_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data) || txid_data.size() != sizeof(crypto::hash))
{ {
return ""; return "";
} }

View file

@ -182,7 +182,7 @@ bool WalletManagerImpl::checkPayment(const std::string &address_text, const std:
{ {
error = ""; error = "";
cryptonote::blobdata txid_data; cryptonote::blobdata txid_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(txid_text, txid_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(txid_text, txid_data) || txid_data.size() != sizeof(crypto::hash))
{ {
error = tr("failed to parse txid"); error = tr("failed to parse txid");
return false; return false;
@ -196,7 +196,7 @@ bool WalletManagerImpl::checkPayment(const std::string &address_text, const std:
} }
crypto::secret_key tx_key; crypto::secret_key tx_key;
cryptonote::blobdata tx_key_data; cryptonote::blobdata tx_key_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(txkey_text, tx_key_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(txkey_text, tx_key_data) || tx_key_data.size() != sizeof(crypto::hash))
{ {
error = tr("failed to parse tx key"); error = tr("failed to parse tx key");
return false; return false;

View file

@ -251,7 +251,7 @@ std::unique_ptr<tools::wallet2> generate_from_json(const std::string& json_file,
if (field_viewkey_found) if (field_viewkey_found)
{ {
cryptonote::blobdata viewkey_data; cryptonote::blobdata viewkey_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(field_viewkey, viewkey_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(field_viewkey, viewkey_data) || viewkey_data.size() != sizeof(crypto::secret_key))
{ {
tools::fail_msg_writer() << tools::wallet2::tr("failed to parse view key secret key"); tools::fail_msg_writer() << tools::wallet2::tr("failed to parse view key secret key");
return false; return false;
@ -269,7 +269,7 @@ std::unique_ptr<tools::wallet2> generate_from_json(const std::string& json_file,
if (field_spendkey_found) if (field_spendkey_found)
{ {
cryptonote::blobdata spendkey_data; cryptonote::blobdata spendkey_data;
if(!epee::string_tools::parse_hexstr_to_binbuff(field_spendkey, spendkey_data)) if(!epee::string_tools::parse_hexstr_to_binbuff(field_spendkey, spendkey_data) || spendkey_data.size() != sizeof(crypto::secret_key))
{ {
tools::fail_msg_writer() << tools::wallet2::tr("failed to parse spend key secret key"); tools::fail_msg_writer() << tools::wallet2::tr("failed to parse spend key secret key");
return false; return false;
@ -1456,7 +1456,7 @@ void wallet2::update_pool_state()
for (auto it: res.transactions) for (auto it: res.transactions)
{ {
cryptonote::blobdata txid_data; cryptonote::blobdata txid_data;
if(epee::string_tools::parse_hexstr_to_binbuff(it.id_hash, txid_data)) if(epee::string_tools::parse_hexstr_to_binbuff(it.id_hash, txid_data) && txid_data.size() == sizeof(crypto::hash))
{ {
const crypto::hash txid = *reinterpret_cast<const crypto::hash*>(txid_data.data()); const crypto::hash txid = *reinterpret_cast<const crypto::hash*>(txid_data.data());
if (m_unconfirmed_payments.find(txid) == m_unconfirmed_payments.end()) if (m_unconfirmed_payments.find(txid) == m_unconfirmed_payments.end())

View file

@ -983,7 +983,7 @@ namespace tools
while (i != req.txids.end()) while (i != req.txids.end())
{ {
cryptonote::blobdata txid_blob; cryptonote::blobdata txid_blob;
if(!epee::string_tools::parse_hexstr_to_binbuff(*i++, txid_blob)) if(!epee::string_tools::parse_hexstr_to_binbuff(*i++, txid_blob) || txid_blob.size() != sizeof(crypto::hash))
{ {
er.code = WALLET_RPC_ERROR_CODE_WRONG_TXID; er.code = WALLET_RPC_ERROR_CODE_WRONG_TXID;
er.message = "TX ID has invalid format"; er.message = "TX ID has invalid format";
@ -1013,7 +1013,7 @@ namespace tools
while (i != req.txids.end()) while (i != req.txids.end())
{ {
cryptonote::blobdata txid_blob; cryptonote::blobdata txid_blob;
if(!epee::string_tools::parse_hexstr_to_binbuff(*i++, txid_blob)) if(!epee::string_tools::parse_hexstr_to_binbuff(*i++, txid_blob) || txid_blob.size() != sizeof(crypto::hash))
{ {
er.code = WALLET_RPC_ERROR_CODE_WRONG_TXID; er.code = WALLET_RPC_ERROR_CODE_WRONG_TXID;
er.message = "TX ID has invalid format"; er.message = "TX ID has invalid format";
@ -1206,7 +1206,7 @@ namespace tools
{ {
cryptonote::blobdata bd; cryptonote::blobdata bd;
if(!epee::string_tools::parse_hexstr_to_binbuff(req.signed_key_images[n].key_image, bd)) if(!epee::string_tools::parse_hexstr_to_binbuff(req.signed_key_images[n].key_image, bd) || bd.size() != sizeof(crypto::key_image))
{ {
er.code = WALLET_RPC_ERROR_CODE_WRONG_KEY_IMAGE; er.code = WALLET_RPC_ERROR_CODE_WRONG_KEY_IMAGE;
er.message = "failed to parse key image"; er.message = "failed to parse key image";
@ -1214,7 +1214,7 @@ namespace tools
} }
ski[n].first = *reinterpret_cast<const crypto::key_image*>(bd.data()); ski[n].first = *reinterpret_cast<const crypto::key_image*>(bd.data());
if(!epee::string_tools::parse_hexstr_to_binbuff(req.signed_key_images[n].signature, bd)) if(!epee::string_tools::parse_hexstr_to_binbuff(req.signed_key_images[n].signature, bd) || bd.size() != sizeof(crypto::signature))
{ {
er.code = WALLET_RPC_ERROR_CODE_WRONG_SIGNATURE; er.code = WALLET_RPC_ERROR_CODE_WRONG_SIGNATURE;
er.message = "failed to parse signature"; er.message = "failed to parse signature";