From 621812c69e19861b15b20c2f1fe5e03d5f42846b Mon Sep 17 00:00:00 2001
From: Miguel Freitas <miguel@pitanga.cpti.cetuc.puc-rio.br>
Date: Tue, 6 Aug 2013 18:26:53 -0300
Subject: [PATCH] improve parameter checking in dhtput

---
 libtorrent/src/kademlia/node.cpp |  7 +++++++
 src/twister.cpp                  | 21 ++++++++++++++++++---
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/libtorrent/src/kademlia/node.cpp b/libtorrent/src/kademlia/node.cpp
index c1434286..a7059a93 100644
--- a/libtorrent/src/kademlia/node.cpp
+++ b/libtorrent/src/kademlia/node.cpp
@@ -304,6 +304,7 @@ namespace
 		}
 	}
 
+	// [MF] FIXME: putData_fun must receive {p, sig_p} (no need to sign it several times)
 	void putData_fun(std::vector<std::pair<node_entry, std::string> > const& v,
 			 node_impl& node,
 			 std::string const &username, std::string const &resource, bool multi,
@@ -353,6 +354,10 @@ namespace
 			std::vector<char> pbuf;
 			bencode(std::back_inserter(pbuf), p);
 			std::string sig_p = createSignature(std::string(pbuf.data(),pbuf.size()), sig_user);
+			if( !sig_p.size() ) {
+				printf("putData_fun: createSignature error (this should have been caught earlier)\n");
+				return;
+			}
 
 			a["sig_p"] = sig_p;
 			a["sig_user"] = sig_user;
@@ -413,6 +418,8 @@ void node_impl::putData(std::string const &username, std::string const &resource
 #ifdef TORRENT_DHT_VERBOSE_LOGGING
 	TORRENT_LOG(node) << "putData [ username: " << info_hash << " res: " << resource << " ]" ;
 #endif
+	printf("putData: username=%s,res=%s,multi=%d sig_user=%s\n",
+		   username.c_str(), resource.c_str(), multi, sig_user.c_str());
 	// search for nodes with ids close to id or with peers
 	// for info-hash id. then send putData to them.
 	boost::intrusive_ptr<dht_get> ta(new dht_get(*this, username, resource, multi,
diff --git a/src/twister.cpp b/src/twister.cpp
index a3b0b505..df198ccc 100644
--- a/src/twister.cpp
+++ b/src/twister.cpp
@@ -369,7 +369,7 @@ int getBestHeight()
 
 Value dhtput(const Array& params, bool fHelp)
 {
-    if (fHelp || params.size() != 6)
+    if (fHelp || params.size() < 5 || params.size() > 6)
         throw runtime_error(
             "dhtput <username> <resource> <s(ingle)/m(ulti)> <value> <sig_user> <seq>\n"
             "Sign a message with the private key of an address");
@@ -381,12 +381,27 @@ Value dhtput(const Array& params, bool fHelp)
     string strMulti    = params[2].get_str();
     string strValue    = params[3].get_str();
     string strSigUser  = params[4].get_str();
-    string strSeq      = params[5].get_str();
+
+    // Test for private key here to avoid going into dht
+    CKeyID keyID;
+    if( !pwalletMain->GetKeyIdFromUsername(strSigUser, keyID) )
+      throw JSONRPCError(RPC_WALLET_INVALID_ACCOUNT_NAME, "Error: no sig_user in wallet");
+    CKey key;
+    if (!pwalletMain->GetKey(keyID, key))
+        throw JSONRPCError(RPC_WALLET_ERROR, "Private key of sig_user not available");
 
     bool multi = (strMulti == "m");
+    if( !multi && params.size() != 6 )
+        throw JSONRPCError(RPC_WALLET_ERROR, "Seq parameter required for single");
+
+    int seq = -1;
+    if( params.size() == 6 ) seq = atoi( params[5].get_str().c_str() );
+
+    if( !multi && strUsername != strSigUser )
+        throw JSONRPCError(RPC_WALLET_ERROR, "Username must be the same as sig_user for single");
+
     entry value = entry::string_type(strValue);
     int timeutc = time(NULL);
-    int seq = atoi(strSeq.c_str());
 
     ses->dht_putData(strUsername, strResource, multi, value, strSigUser, timeutc, seq);
     return Value();