Browse Source

Bugfix: prioritisetransaction: Do some basic sanity checking on txid

Besides giving a nicer error, this also prevents logging arbitrary data (which could have been used to exploit log readers) into debug.log

Rebased-From: 7f71813919
Github-Pull: #5499
0.10
Luke Dashjr 10 years ago committed by Wladimir J. van der Laan
parent
commit
1eadfd9753
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
  1. 1
      src/core_io.h
  2. 5
      src/core_read.cpp
  3. 3
      src/rpcmining.cpp

1
src/core_io.h

@ -19,6 +19,7 @@ extern CScript ParseScript(std::string s); @@ -19,6 +19,7 @@ extern CScript ParseScript(std::string s);
extern bool DecodeHexTx(CTransaction& tx, const std::string& strHexTx);
extern bool DecodeHexBlk(CBlock&, const std::string& strHexBlk);
extern uint256 ParseHashUV(const UniValue& v, const std::string& strName);
extern uint256 ParseHashStr(const std::string&, const std::string& strName);
extern std::vector<unsigned char> ParseHexUV(const UniValue& v, const std::string& strName);
// core_write.cpp

5
src/core_read.cpp

@ -131,6 +131,11 @@ uint256 ParseHashUV(const UniValue& v, const string& strName) @@ -131,6 +131,11 @@ uint256 ParseHashUV(const UniValue& v, const string& strName)
string strHex;
if (v.isStr())
strHex = v.getValStr();
return ParseHashStr(strHex, strName); // Note: ParseHashStr("") throws a runtime_error
}
uint256 ParseHashStr(const std::string& strHex, const std::string& strName)
{
if (!IsHex(strHex)) // Note: IsHex("") is false
throw runtime_error(strName+" must be hexadecimal string (not '"+strHex+"')");

3
src/rpcmining.cpp

@ -288,8 +288,7 @@ Value prioritisetransaction(const Array& params, bool fHelp) @@ -288,8 +288,7 @@ Value prioritisetransaction(const Array& params, bool fHelp)
+ HelpExampleRpc("prioritisetransaction", "\"txid\", 0.0, 10000")
);
uint256 hash;
hash.SetHex(params[0].get_str());
uint256 hash = ParseHashStr(params[0].get_str(), "txid");
CAmount nAmount = params[2].get_int64();

Loading…
Cancel
Save