From 83ec209f42f02deab973254231efeb794edf2c16 Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Tue, 14 Feb 2017 19:35:44 +0000 Subject: [PATCH] simplewallet: validate hex input size --- src/simplewallet/simplewallet.cpp | 18 +++++++++--------- src/wallet/api/wallet.cpp | 6 +++--- src/wallet/api/wallet_manager.cpp | 4 ++-- src/wallet/wallet2.cpp | 6 +++--- src/wallet/wallet_rpc_server.cpp | 8 ++++---- 5 files changed, 21 insertions(+), 21 deletions(-) diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp index 41665e4d8..b466251ab 100644 --- a/src/simplewallet/simplewallet.cpp +++ b/src/simplewallet/simplewallet.cpp @@ -997,7 +997,7 @@ bool simple_wallet::init(const boost::program_options::variables_map& vm) return false; } cryptonote::blobdata viewkey_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(viewkey_string, viewkey_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(viewkey_string, viewkey_data) || viewkey_data.size() != sizeof(crypto::secret_key)) { fail_msg_writer() << tr("failed to parse view key secret key"); return false; @@ -1049,7 +1049,7 @@ bool simple_wallet::init(const boost::program_options::variables_map& vm) return false; } cryptonote::blobdata spendkey_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(spendkey_string, spendkey_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(spendkey_string, spendkey_data) || spendkey_data.size() != sizeof(crypto::secret_key)) { fail_msg_writer() << tr("failed to parse spend key secret key"); return false; @@ -1065,7 +1065,7 @@ bool simple_wallet::init(const boost::program_options::variables_map& vm) return false; } cryptonote::blobdata viewkey_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(viewkey_string, viewkey_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(viewkey_string, viewkey_data) || viewkey_data.size() != sizeof(crypto::secret_key)) { fail_msg_writer() << tr("failed to parse view key secret key"); return false; @@ -3166,7 +3166,7 @@ bool simple_wallet::get_tx_key(const std::vector &args_) if (m_wallet->ask_password() && !get_and_verify_password()) { return true; } cryptonote::blobdata txid_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(local_args.front(), txid_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(local_args.front(), txid_data) || txid_data.size() != sizeof(crypto::hash)) { fail_msg_writer() << tr("failed to parse txid"); return false; @@ -3203,7 +3203,7 @@ bool simple_wallet::check_tx_key(const std::vector &args_) assert(m_wallet); cryptonote::blobdata txid_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(local_args[0], txid_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(local_args[0], txid_data) || txid_data.size() != sizeof(crypto::hash)) { fail_msg_writer() << tr("failed to parse txid"); return true; @@ -3219,7 +3219,7 @@ bool simple_wallet::check_tx_key(const std::vector &args_) } crypto::secret_key tx_key; cryptonote::blobdata tx_key_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(local_args[1], tx_key_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(local_args[1], tx_key_data) || tx_key_data.size() != sizeof(crypto::secret_key)) { fail_msg_writer() << tr("failed to parse tx key"); return true; @@ -3851,7 +3851,7 @@ bool simple_wallet::set_tx_note(const std::vector &args) } cryptonote::blobdata txid_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(args.front(), txid_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(args.front(), txid_data) || txid_data.size() != sizeof(crypto::hash)) { fail_msg_writer() << tr("failed to parse txid"); return false; @@ -3879,7 +3879,7 @@ bool simple_wallet::get_tx_note(const std::vector &args) } cryptonote::blobdata txid_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(args.front(), txid_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(args.front(), txid_data) || txid_data.size() != sizeof(crypto::hash)) { fail_msg_writer() << tr("failed to parse txid"); return false; @@ -4179,7 +4179,7 @@ bool simple_wallet::show_transfer(const std::vector &args) } cryptonote::blobdata txid_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(args.front(), txid_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(args.front(), txid_data) || txid_data.size() != sizeof(crypto::hash)) { fail_msg_writer() << tr("failed to parse txid"); return false; diff --git a/src/wallet/api/wallet.cpp b/src/wallet/api/wallet.cpp index c46de6b06..326ca26a0 100644 --- a/src/wallet/api/wallet.cpp +++ b/src/wallet/api/wallet.cpp @@ -1157,7 +1157,7 @@ void WalletImpl::setDefaultMixin(uint32_t arg) bool WalletImpl::setUserNote(const std::string &txid, const std::string ¬e) { cryptonote::blobdata txid_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data) || txid_data.size() != sizeof(crypto::hash)) return false; const crypto::hash htxid = *reinterpret_cast(txid_data.data()); @@ -1168,7 +1168,7 @@ bool WalletImpl::setUserNote(const std::string &txid, const std::string ¬e) std::string WalletImpl::getUserNote(const std::string &txid) const { cryptonote::blobdata txid_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data) || txid_data.size() != sizeof(crypto::hash)) return ""; const crypto::hash htxid = *reinterpret_cast(txid_data.data()); @@ -1178,7 +1178,7 @@ std::string WalletImpl::getUserNote(const std::string &txid) const std::string WalletImpl::getTxKey(const std::string &txid) const { cryptonote::blobdata txid_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data) || txid_data.size() != sizeof(crypto::hash)) { return ""; } diff --git a/src/wallet/api/wallet_manager.cpp b/src/wallet/api/wallet_manager.cpp index 4104e7884..6feec75bd 100644 --- a/src/wallet/api/wallet_manager.cpp +++ b/src/wallet/api/wallet_manager.cpp @@ -182,7 +182,7 @@ bool WalletManagerImpl::checkPayment(const std::string &address_text, const std: { error = ""; cryptonote::blobdata txid_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(txid_text, txid_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(txid_text, txid_data) || txid_data.size() != sizeof(crypto::hash)) { error = tr("failed to parse txid"); return false; @@ -196,7 +196,7 @@ bool WalletManagerImpl::checkPayment(const std::string &address_text, const std: } crypto::secret_key tx_key; cryptonote::blobdata tx_key_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(txkey_text, tx_key_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(txkey_text, tx_key_data) || tx_key_data.size() != sizeof(crypto::hash)) { error = tr("failed to parse tx key"); return false; diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index e7a175dc7..250210cb0 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -251,7 +251,7 @@ std::unique_ptr generate_from_json(const std::string& json_file, if (field_viewkey_found) { cryptonote::blobdata viewkey_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(field_viewkey, viewkey_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(field_viewkey, viewkey_data) || viewkey_data.size() != sizeof(crypto::secret_key)) { tools::fail_msg_writer() << tools::wallet2::tr("failed to parse view key secret key"); return false; @@ -269,7 +269,7 @@ std::unique_ptr generate_from_json(const std::string& json_file, if (field_spendkey_found) { cryptonote::blobdata spendkey_data; - if(!epee::string_tools::parse_hexstr_to_binbuff(field_spendkey, spendkey_data)) + if(!epee::string_tools::parse_hexstr_to_binbuff(field_spendkey, spendkey_data) || spendkey_data.size() != sizeof(crypto::secret_key)) { tools::fail_msg_writer() << tools::wallet2::tr("failed to parse spend key secret key"); return false; @@ -1456,7 +1456,7 @@ void wallet2::update_pool_state() for (auto it: res.transactions) { cryptonote::blobdata txid_data; - if(epee::string_tools::parse_hexstr_to_binbuff(it.id_hash, txid_data)) + if(epee::string_tools::parse_hexstr_to_binbuff(it.id_hash, txid_data) && txid_data.size() == sizeof(crypto::hash)) { const crypto::hash txid = *reinterpret_cast(txid_data.data()); if (m_unconfirmed_payments.find(txid) == m_unconfirmed_payments.end()) diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp index 881279e42..ee50c3cdb 100644 --- a/src/wallet/wallet_rpc_server.cpp +++ b/src/wallet/wallet_rpc_server.cpp @@ -983,7 +983,7 @@ namespace tools while (i != req.txids.end()) { cryptonote::blobdata txid_blob; - if(!epee::string_tools::parse_hexstr_to_binbuff(*i++, txid_blob)) + if(!epee::string_tools::parse_hexstr_to_binbuff(*i++, txid_blob) || txid_blob.size() != sizeof(crypto::hash)) { er.code = WALLET_RPC_ERROR_CODE_WRONG_TXID; er.message = "TX ID has invalid format"; @@ -1013,7 +1013,7 @@ namespace tools while (i != req.txids.end()) { cryptonote::blobdata txid_blob; - if(!epee::string_tools::parse_hexstr_to_binbuff(*i++, txid_blob)) + if(!epee::string_tools::parse_hexstr_to_binbuff(*i++, txid_blob) || txid_blob.size() != sizeof(crypto::hash)) { er.code = WALLET_RPC_ERROR_CODE_WRONG_TXID; er.message = "TX ID has invalid format"; @@ -1206,7 +1206,7 @@ namespace tools { cryptonote::blobdata bd; - if(!epee::string_tools::parse_hexstr_to_binbuff(req.signed_key_images[n].key_image, bd)) + if(!epee::string_tools::parse_hexstr_to_binbuff(req.signed_key_images[n].key_image, bd) || bd.size() != sizeof(crypto::key_image)) { er.code = WALLET_RPC_ERROR_CODE_WRONG_KEY_IMAGE; er.message = "failed to parse key image"; @@ -1214,7 +1214,7 @@ namespace tools } ski[n].first = *reinterpret_cast(bd.data()); - if(!epee::string_tools::parse_hexstr_to_binbuff(req.signed_key_images[n].signature, bd)) + if(!epee::string_tools::parse_hexstr_to_binbuff(req.signed_key_images[n].signature, bd) || bd.size() != sizeof(crypto::signature)) { er.code = WALLET_RPC_ERROR_CODE_WRONG_SIGNATURE; er.message = "failed to parse signature";