Browse Source

bitcoin-tx: Fix missing range check

The number of arguments is not checked MutateTxAddOutAddr(..), meaning
that

> ./bitcoin-tx -create outaddr=

accessed the vStrInputParts vector beyond its bounds.

This also includes work by jnewbery to check the inputs for
MutateTxAddPubKey()
0.15
Awemany 8 years ago committed by John Newbery
parent
commit
eb66bf9bdd
  1. 6
      src/bitcoin-tx.cpp

6
src/bitcoin-tx.cpp

@ -242,6 +242,9 @@ static void MutateTxAddOutAddr(CMutableTransaction& tx, const std::string& strIn
std::vector<std::string> vStrInputParts; std::vector<std::string> vStrInputParts;
boost::split(vStrInputParts, strInput, boost::is_any_of(":")); boost::split(vStrInputParts, strInput, boost::is_any_of(":"));
if (vStrInputParts.size() != 2)
throw std::runtime_error("TX output missing or too many separators");
// Extract and validate VALUE // Extract and validate VALUE
CAmount value = ExtractAndValidateValue(vStrInputParts[0]); CAmount value = ExtractAndValidateValue(vStrInputParts[0]);
@ -264,6 +267,9 @@ static void MutateTxAddOutPubKey(CMutableTransaction& tx, const std::string& str
std::vector<std::string> vStrInputParts; std::vector<std::string> vStrInputParts;
boost::split(vStrInputParts, strInput, boost::is_any_of(":")); boost::split(vStrInputParts, strInput, boost::is_any_of(":"));
if (vStrInputParts.size() < 2 || vStrInputParts.size() > 3)
throw std::runtime_error("TX output missing or too many separators");
// Extract and validate VALUE // Extract and validate VALUE
CAmount value = ExtractAndValidateValue(vStrInputParts[0]); CAmount value = ExtractAndValidateValue(vStrInputParts[0]);

Loading…
Cancel
Save