From 30743f73336751edc3a7b578f1f865668e02d8f4 Mon Sep 17 00:00:00 2001 From: Mihailo Milenkovic Date: Mon, 8 Oct 2018 17:45:53 +0200 Subject: [PATCH] Add checks for correct input data --- src/cc/channels.cpp | 17 +++++++++++++---- src/wallet/rpcwallet.cpp | 20 ++++++++++++++++++++ 2 files changed, 33 insertions(+), 4 deletions(-) diff --git a/src/cc/channels.cpp b/src/cc/channels.cpp index f6133d575..57a587c44 100644 --- a/src/cc/channels.cpp +++ b/src/cc/channels.cpp @@ -207,15 +207,15 @@ bool ChannelsValidate(struct CCcontract_info *cp,Eval* eval,const CTransaction & else if ( IsCCInput(tx.vin[1].scriptSig) == 0 ) return eval->Invalid("vin.1 is CC for channelPayment!"); else if ( IsCCInput(tx.vin[2].scriptSig) == 0 ) - return eval->Invalid("vin.1 is CC for channelPayment!"); + return eval->Invalid("vin.2 is CC for channelPayment!"); else if ( tx.vout[0].scriptPubKey.IsPayToCryptoCondition() == 0 ) return eval->Invalid("vout.0 is CC for channelPayment!"); else if ( tx.vout[1].scriptPubKey.IsPayToCryptoCondition() == 0 ) return eval->Invalid("vout.1 is CC for channelPayment (marker to srcPub)!"); else if ( tx.vout[2].scriptPubKey.IsPayToCryptoCondition() == 0 ) - return eval->Invalid("vout.1 is CC for channelPayment (marker to dstPub)!"); + return eval->Invalid("vout.2 is CC for channelPayment (marker to dstPub)!"); else if ( tx.vout[3].scriptPubKey.IsPayToCryptoCondition() != 0 ) - return eval->Invalid("vout.1 is normal for channelPayment!"); + return eval->Invalid("vout.3 is normal for channelPayment!"); else if ( tx.vout[3].scriptPubKey!=CScript() << ParseHex(HexStr(destpub)) << OP_CHECKSIG) return eval->Invalid("payment funds do not go to receiver!"); else if ( param1 > CHANNELS_MAXPAYMENTS) @@ -487,7 +487,7 @@ std::string ChannelPayment(uint64_t txfee,uint256 opentxid,int64_t amount, uint2 fprintf(stderr,"this is not our channel\n"); return(""); } - else if (amount % payment != 0) + else if (amount % payment != 0 || amount prevdepth) + { + fprintf(stderr,"not enough funds in channel for that amount\n"); + return (""); + } else if (numpayments == 0) + { + fprintf(stderr,"invalid amount\n"); + return (""); + } if (secret!=zeroid) { endiancpy(hash, (uint8_t * ) & secret, 32); diff --git a/src/wallet/rpcwallet.cpp b/src/wallet/rpcwallet.cpp index d97df5b3a..aa5392472 100644 --- a/src/wallet/rpcwallet.cpp +++ b/src/wallet/rpcwallet.cpp @@ -5146,8 +5146,23 @@ UniValue channelsopen(const UniValue& params, bool fHelp) const CKeyStore& keystore = *pwalletMain; LOCK2(cs_main, pwalletMain->cs_wallet); destpub = ParseHex(params[0].get_str().c_str()); + if (destpub.size()!= 33) + { + ERR_RESULT("invalid destination pubkey"); + return result; + } numpayments = atoi(params[1].get_str().c_str()); + if (numpayments <1) + { + ERR_RESULT("invalid number of payments, must be greater than 0"); + return result; + } payment = atol(params[2].get_str().c_str()); + if (payment <1) + { + ERR_RESULT("invalid payment amount, must be greater than 0"); + return result; + } hex = ChannelOpen(0,pubkey2pk(destpub),numpayments,payment); if ( hex.size() > 0 ) { @@ -5169,6 +5184,11 @@ UniValue channelspayment(const UniValue& params, bool fHelp) LOCK2(cs_main, pwalletMain->cs_wallet); opentxid = Parseuint256((char *)params[0].get_str().c_str()); amount = atoi((char *)params[1].get_str().c_str()); + if (amount <1) + { + ERR_RESULT("invalid payment amount, must be greater than 0"); + return result; + } if (params.size() > 2 && !params[2].isNull() && !params[2].get_str().empty()) { secret = Parseuint256((char *)params[2].get_str().c_str());