From a20f07e7d17f6d4000358a3b580a495b02193fdf Mon Sep 17 00:00:00 2001
From: jl777 <jameslee777@yahoo.com>
Date: Sat, 14 Apr 2018 15:19:14 +0300
Subject: [PATCH] Fix buffer overflows and reduce KMD men usage

---
 src/komodo_events.h | 94 ++++++++++++++++++++++++---------------------
 1 file changed, 51 insertions(+), 43 deletions(-)

diff --git a/src/komodo_events.h b/src/komodo_events.h
index 4d9ff87dc..b301f8a25 100644
--- a/src/komodo_events.h
+++ b/src/komodo_events.h
@@ -1,5 +1,5 @@
 /******************************************************************************
- * Copyright © 2014-2017 The SuperNET Developers.                             *
+ * Copyright © 2014-2018 The SuperNET Developers.                             *
  *                                                                            *
  * See the AUTHORS, DEVELOPER-AGREEMENT and LICENSE files at                  *
  * the top-level directory of this distribution for the individual copyright  *
@@ -20,7 +20,7 @@
 struct komodo_event *komodo_eventadd(struct komodo_state *sp,int32_t height,char *symbol,uint8_t type,uint8_t *data,uint16_t datalen)
 {
     struct komodo_event *ep=0; uint16_t len = (uint16_t)(sizeof(*ep) + datalen);
-    if ( sp != 0 )
+    if ( sp != 0 && ASSETCHAINS_SYMBOL[0] != 0 )
     {
         portable_mutex_lock(&komodo_mutex);
         ep = (struct komodo_event *)calloc(1,len);
@@ -55,7 +55,7 @@ void komodo_eventadd_notarized(struct komodo_state *sp,char *symbol,int32_t heig
         N.notarizedheight = notarizedheight;
         N.MoM = MoM;
         N.MoMdepth = MoMdepth;
-        strcpy(N.dest,dest);
+        strncpy(N.dest,dest,sizeof(N.dest)-1);
         komodo_eventadd(sp,height,symbol,KOMODO_EVENT_NOTARIZED,(uint8_t *)&N,sizeof(N));
         if ( sp != 0 )
             komodo_notarized_update(sp,height,notarizedheight,notarized_hash,notarized_desttxid,MoM,MoMdepth);
@@ -77,27 +77,34 @@ void komodo_eventadd_pubkeys(struct komodo_state *sp,char *symbol,int32_t height
 void komodo_eventadd_pricefeed(struct komodo_state *sp,char *symbol,int32_t height,uint32_t *prices,uint8_t num)
 {
     struct komodo_event_pricefeed F;
-    memset(&F,0,sizeof(F));
-    F.num = num;
-    memcpy(F.prices,prices,sizeof(*F.prices) * num);
-    komodo_eventadd(sp,height,symbol,KOMODO_EVENT_PRICEFEED,(uint8_t *)&F,(int32_t)(sizeof(F.num) + sizeof(*F.prices) * num));
-    if ( sp != 0 )
-        komodo_pvals(height,prices,num);
+    if ( num == sizeof(F.prices)/sizeof(*F.prices) )
+    {
+        memset(&F,0,sizeof(F));
+        F.num = num;
+        memcpy(F.prices,prices,sizeof(*F.prices) * num);
+        komodo_eventadd(sp,height,symbol,KOMODO_EVENT_PRICEFEED,(uint8_t *)&F,(int32_t)(sizeof(F.num) + sizeof(*F.prices) * num));
+        if ( sp != 0 )
+            komodo_pvals(height,prices,num);
+    } else fprintf(stderr,"skip pricefeed[%d]\n",num);
 }
 
 void komodo_eventadd_opreturn(struct komodo_state *sp,char *symbol,int32_t height,uint256 txid,uint64_t value,uint16_t vout,uint8_t *buf,uint16_t opretlen)
 {
-    struct komodo_event_opreturn O; uint8_t opret[16384];
-    memset(&O,0,sizeof(O));
-    O.txid = txid;
-    O.value = value;
-    O.vout = vout;
-    memcpy(opret,&O,sizeof(O));
-    memcpy(&opret[sizeof(O)],buf,opretlen);
-    O.oplen = (int32_t)(opretlen + sizeof(O));
-    komodo_eventadd(sp,height,symbol,KOMODO_EVENT_OPRETURN,opret,O.oplen);
-    if ( sp != 0 )
-        komodo_opreturn(height,value,buf,opretlen,txid,vout,symbol);
+    struct komodo_event_opreturn O; uint8_t *opret;
+    if ( ASSETCHAINS_SYMBOL[0] != 0 )
+    {
+        opret = (uint8_t *)calloc(1,sizeof(O) + opretlen + 16);
+        O.txid = txid;
+        O.value = value;
+        O.vout = vout;
+        memcpy(opret,&O,sizeof(O));
+        memcpy(&opret[sizeof(O)],buf,opretlen);
+        O.oplen = (int32_t)(opretlen + sizeof(O));
+        komodo_eventadd(sp,height,symbol,KOMODO_EVENT_OPRETURN,opret,O.oplen);
+        free(opret);
+        if ( sp != 0 )
+            komodo_opreturn(height,value,buf,opretlen,txid,vout,symbol);
+    }
 }
 
 void komodo_event_undo(struct komodo_state *sp,struct komodo_event *ep)
@@ -171,6 +178,7 @@ void komodo_eventadd_kmdheight(struct komodo_state *sp,char *symbol,int32_t heig
     }
     else
     {
+        //fprintf(stderr,"REWIND kmdheight.%d\n",kmdheight);
         kmdheight = -kmdheight;
         komodo_eventadd(sp,height,symbol,KOMODO_EVENT_REWIND,(uint8_t *)&height,sizeof(height));
         if ( sp != 0 )
@@ -180,30 +188,30 @@ void komodo_eventadd_kmdheight(struct komodo_state *sp,char *symbol,int32_t heig
 
 
 /*void komodo_eventadd_deposit(int32_t actionflag,char *symbol,int32_t height,uint64_t komodoshis,char *fiat,uint64_t fiatoshis,uint8_t rmd160[20],bits256 kmdtxid,uint16_t kmdvout,uint64_t price)
-{
-    uint8_t opret[512]; uint16_t opretlen;
-    komodo_eventadd_opreturn(symbol,height,KOMODO_OPRETURN_DEPOSIT,kmdtxid,komodoshis,kmdvout,opret,opretlen);
-}
-
-void komodo_eventadd_issued(int32_t actionflag,char *symbol,int32_t height,int32_t fiatheight,bits256 fiattxid,uint16_t fiatvout,bits256 kmdtxid,uint16_t kmdvout,uint64_t fiatoshis)
-{
-    uint8_t opret[512]; uint16_t opretlen;
-    komodo_eventadd_opreturn(symbol,height,KOMODO_OPRETURN_ISSUED,fiattxid,fiatoshis,fiatvout,opret,opretlen);
-}
-
-void komodo_eventadd_withdraw(int32_t actionflag,char *symbol,int32_t height,uint64_t komodoshis,char *fiat,uint64_t fiatoshis,uint8_t rmd160[20],bits256 fiattxid,int32_t fiatvout,uint64_t price)
-{
-    uint8_t opret[512]; uint16_t opretlen;
-    komodo_eventadd_opreturn(symbol,height,KOMODO_OPRETURN_WITHDRAW,fiattxid,fiatoshis,fiatvout,opret,opretlen);
-}
-
-void komodo_eventadd_redeemed(int32_t actionflag,char *symbol,int32_t height,bits256 kmdtxid,uint16_t kmdvout,int32_t fiatheight,bits256 fiattxid,uint16_t fiatvout,uint64_t komodoshis)
-{
-    uint8_t opret[512]; uint16_t opretlen;
-    komodo_eventadd_opreturn(symbol,height,KOMODO_OPRETURN_REDEEMED,kmdtxid,komodoshis,kmdvout,opret,opretlen);
-}*/
+ {
+ uint8_t opret[512]; uint16_t opretlen;
+ komodo_eventadd_opreturn(symbol,height,KOMODO_OPRETURN_DEPOSIT,kmdtxid,komodoshis,kmdvout,opret,opretlen);
+ }
+ 
+ void komodo_eventadd_issued(int32_t actionflag,char *symbol,int32_t height,int32_t fiatheight,bits256 fiattxid,uint16_t fiatvout,bits256 kmdtxid,uint16_t kmdvout,uint64_t fiatoshis)
+ {
+ uint8_t opret[512]; uint16_t opretlen;
+ komodo_eventadd_opreturn(symbol,height,KOMODO_OPRETURN_ISSUED,fiattxid,fiatoshis,fiatvout,opret,opretlen);
+ }
+ 
+ void komodo_eventadd_withdraw(int32_t actionflag,char *symbol,int32_t height,uint64_t komodoshis,char *fiat,uint64_t fiatoshis,uint8_t rmd160[20],bits256 fiattxid,int32_t fiatvout,uint64_t price)
+ {
+ uint8_t opret[512]; uint16_t opretlen;
+ komodo_eventadd_opreturn(symbol,height,KOMODO_OPRETURN_WITHDRAW,fiattxid,fiatoshis,fiatvout,opret,opretlen);
+ }
+ 
+ void komodo_eventadd_redeemed(int32_t actionflag,char *symbol,int32_t height,bits256 kmdtxid,uint16_t kmdvout,int32_t fiatheight,bits256 fiattxid,uint16_t fiatvout,uint64_t komodoshis)
+ {
+ uint8_t opret[512]; uint16_t opretlen;
+ komodo_eventadd_opreturn(symbol,height,KOMODO_OPRETURN_REDEEMED,kmdtxid,komodoshis,kmdvout,opret,opretlen);
+ }*/
 
 // process events
-// 
+//
 
 #endif