Browse Source

Properly bound check conf_target in wallet RPC calls

0.15
Alex Morcos 8 years ago
parent
commit
11590d39b9
  1. 10
      src/rpc/mining.cpp
  2. 3
      src/rpc/mining.h
  3. 14
      src/wallet/rpcwallet.cpp

10
src/rpc/mining.cpp

@ -30,6 +30,16 @@ @@ -30,6 +30,16 @@
#include <univalue.h>
unsigned int ParseConfirmTarget(const UniValue& value)
{
int target = value.get_int();
unsigned int max_target = ::feeEstimator.HighestTargetTracked(FeeEstimateHorizon::LONG_HALFLIFE);
if (target < 1 || (unsigned int)target > max_target) {
throw JSONRPCError(RPC_INVALID_PARAMETER, strprintf("Invalid conf_target, must be between %u - %u", 1, max_target));
}
return (unsigned int)target;
}
/**
* Return average network hashes per second based on the last 'lookup' blocks,
* or from the last difficulty change if 'lookup' is nonpositive.

3
src/rpc/mining.h

@ -12,4 +12,7 @@ @@ -12,4 +12,7 @@
/** Generate blocks (mine) */
UniValue generateBlocks(std::shared_ptr<CReserveScript> coinbaseScript, int nGenerate, uint64_t nMaxTries, bool keepScript);
/** Check bounds on a command line confirm target */
unsigned int ParseConfirmTarget(const UniValue& value);
#endif

14
src/wallet/rpcwallet.cpp

@ -460,7 +460,7 @@ UniValue sendtoaddress(const JSONRPCRequest& request) @@ -460,7 +460,7 @@ UniValue sendtoaddress(const JSONRPCRequest& request)
}
if (request.params.size() > 6 && !request.params[6].isNull()) {
coin_control.m_confirm_target = request.params[6].get_int();
coin_control.m_confirm_target = ParseConfirmTarget(request.params[6]);
}
if (request.params.size() > 7 && !request.params[7].isNull()) {
@ -981,7 +981,7 @@ UniValue sendmany(const JSONRPCRequest& request) @@ -981,7 +981,7 @@ UniValue sendmany(const JSONRPCRequest& request)
}
if (request.params.size() > 6 && !request.params[6].isNull()) {
coin_control.m_confirm_target = request.params[6].get_int();
coin_control.m_confirm_target = ParseConfirmTarget(request.params[6]);
}
if (request.params.size() > 7 && !request.params[7].isNull()) {
@ -2795,7 +2795,7 @@ UniValue fundrawtransaction(const JSONRPCRequest& request) @@ -2795,7 +2795,7 @@ UniValue fundrawtransaction(const JSONRPCRequest& request)
coinControl.signalRbf = options["replaceable"].get_bool();
}
if (options.exists("conf_target")) {
coinControl.m_confirm_target = options["conf_target"].get_int();
coinControl.m_confirm_target = ParseConfirmTarget(options["conf_target"]);
}
if (options.exists("estimate_mode")) {
if (!FeeModeFromString(options["estimate_mode"].get_str(), coinControl.m_fee_mode)) {
@ -2917,12 +2917,8 @@ UniValue bumpfee(const JSONRPCRequest& request) @@ -2917,12 +2917,8 @@ UniValue bumpfee(const JSONRPCRequest& request)
if (options.exists("confTarget") && options.exists("totalFee")) {
throw JSONRPCError(RPC_INVALID_PARAMETER, "confTarget and totalFee options should not both be set. Please provide either a confirmation target for fee estimation or an explicit total fee for the transaction.");
} else if (options.exists("confTarget")) {
int target = options["confTarget"].get_int();
if (target <= 0) { // FIXME: Check upper bound too
throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid confTarget (cannot be <= 0)");
}
coin_control.m_confirm_target = target;
} else if (options.exists("confTarget")) { // TODO: alias this to conf_target
coin_control.m_confirm_target = ParseConfirmTarget(options["confTarget"]);
} else if (options.exists("totalFee")) {
totalFee = options["totalFee"].get_int64();
if (totalFee <= 0) {

Loading…
Cancel
Save