improve parameter checking in dhtput

11 years ago · 621812c69e
2 changed files with 25 additions and 3 deletions
--- a/libtorrent/src/kademlia/node.cpp
+++ b/libtorrent/src/kademlia/node.cpp
@ -304,6 +304,7 @@ namespace
				@@ -304,6 +304,7 @@ namespace
 		}
 	}

+	// [MF] FIXME: putData_fun must receive {p, sig_p} (no need to sign it several times)
 	void putData_fun(std::vector<std::pair<node_entry, std::string> > const& v,
 			 node_impl& node,
 			 std::string const &username, std::string const &resource, bool multi,
@ -353,6 +354,10 @@ namespace
				@@ -353,6 +354,10 @@ namespace
 			std::vector<char> pbuf;
 			bencode(std::back_inserter(pbuf), p);
 			std::string sig_p = createSignature(std::string(pbuf.data(),pbuf.size()), sig_user);
+			if( !sig_p.size() ) {
+				printf("putData_fun: createSignature error (this should have been caught earlier)\n");
+				return;
+			}

 			a["sig_p"] = sig_p;
 			a["sig_user"] = sig_user;
@ -413,6 +418,8 @@ void node_impl::putData(std::string const &username, std::string const &resource
				@@ -413,6 +418,8 @@ void node_impl::putData(std::string const &username, std::string const &resource
 #ifdef TORRENT_DHT_VERBOSE_LOGGING
 	TORRENT_LOG(node) << "putData [ username: " << info_hash << " res: " << resource << " ]" ;
 #endif
+	printf("putData: username=%s,res=%s,multi=%d sig_user=%s\n",
+		   username.c_str(), resource.c_str(), multi, sig_user.c_str());
 	// search for nodes with ids close to id or with peers
 	// for info-hash id. then send putData to them.
 	boost::intrusive_ptr<dht_get> ta(new dht_get(*this, username, resource, multi,
--- a/src/twister.cpp
+++ b/src/twister.cpp
@ -369,7 +369,7 @@ int getBestHeight()
				@@ -369,7 +369,7 @@ int getBestHeight()

 Value dhtput(const Array& params, bool fHelp)
 {
-    if (fHelp || params.size() != 6)
+    if (fHelp || params.size() < 5 || params.size() > 6)
        throw runtime_error(
            "dhtput <username> <resource> <s(ingle)/m(ulti)> <value> <sig_user> <seq>\n"
            "Sign a message with the private key of an address");
@ -381,12 +381,27 @@ Value dhtput(const Array& params, bool fHelp)
				@@ -381,12 +381,27 @@ Value dhtput(const Array& params, bool fHelp)
    string strMulti    = params[2].get_str();
    string strValue    = params[3].get_str();
    string strSigUser  = params[4].get_str();
-    string strSeq      = params[5].get_str();
+
+    // Test for private key here to avoid going into dht
+    CKeyID keyID;
+    if( !pwalletMain->GetKeyIdFromUsername(strSigUser, keyID) )
+      throw JSONRPCError(RPC_WALLET_INVALID_ACCOUNT_NAME, "Error: no sig_user in wallet");
+    CKey key;
+    if (!pwalletMain->GetKey(keyID, key))
+        throw JSONRPCError(RPC_WALLET_ERROR, "Private key of sig_user not available");

    bool multi = (strMulti == "m");
+    if( !multi && params.size() != 6 )
+        throw JSONRPCError(RPC_WALLET_ERROR, "Seq parameter required for single");
+
+    int seq = -1;
+    if( params.size() == 6 ) seq = atoi( params[5].get_str().c_str() );
+
+    if( !multi && strUsername != strSigUser )
+        throw JSONRPCError(RPC_WALLET_ERROR, "Username must be the same as sig_user for single");
+
    entry value = entry::string_type(strValue);
    int timeutc = time(NULL);
-    int seq = atoi(strSeq.c_str());

    ses->dht_putData(strUsername, strResource, multi, value, strSigUser, timeutc, seq);
    return Value();