aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRiccardo Spagni <ric@spagni.net>2014-09-24 22:28:25 +0200
committerThomas Winget <tewinget@gmail.com>2014-09-24 22:17:33 -0400
commit4e2b2b942daa4206ec44c66e59863670dfe3fde4 (patch)
tree1f07b2ba7a500b10b723b0ca00cbc36329844d7e
parentMerge pull request #159 (diff)
downloadmonero-4e2b2b942daa4206ec44c66e59863670dfe3fde4.tar.xz
low risk, potentially varint overflow bug patched thanks to BBR
Diffstat (limited to '')
-rw-r--r--src/common/varint.h25
-rw-r--r--src/cryptonote_core/cryptonote_basic.h1
-rw-r--r--src/cryptonote_core/cryptonote_core.cpp8
-rw-r--r--src/cryptonote_core/cryptonote_core.h2
-rw-r--r--src/cryptonote_core/cryptonote_format_utils.cpp17
-rw-r--r--src/cryptonote_core/cryptonote_format_utils.h2
-rw-r--r--src/cryptonote_core/tx_pool.cpp9
-rw-r--r--src/cryptonote_core/tx_pool.h4
-rw-r--r--tests/unit_tests/serialization.cpp31
9 files changed, 85 insertions, 14 deletions
diff --git a/src/common/varint.h b/src/common/varint.h
index 5a73c2746..57386597a 100644
--- a/src/common/varint.h
+++ b/src/common/varint.h
@@ -36,7 +36,7 @@
#include <sstream>
#include <string>
/*! \file varint.h
- * \breif provides the implementation of varint's
+ * \brief provides the implementation of varint's
*
* The representation of varints is rather odd. The first bit of each
* octet is significant, it represents wheter there is another part
@@ -52,6 +52,29 @@
namespace tools {
+ template<typename T>
+ size_t get_varint_packed_size(T v)
+ {
+ if(v <= 127)
+ return 1;
+ else if(v <= 16383)
+ return 2;
+ else if(v <= 2097151)
+ return 3;
+ else if(v <= 268435455)
+ return 4;
+ else if(v <= 34359738367)
+ return 5;
+ else if(v <= 4398046511103)
+ return 6;
+ else if(v <= 4398046511103)
+ return 6;
+ else if(v <= 562949953421311)
+ return 7;
+ else
+ return 8;
+ }
+
/*! \brief Error codes for varint
*/
enum {
diff --git a/src/cryptonote_core/cryptonote_basic.h b/src/cryptonote_core/cryptonote_basic.h
index dfdfa03e5..fca4e227e 100644
--- a/src/cryptonote_core/cryptonote_basic.h
+++ b/src/cryptonote_core/cryptonote_basic.h
@@ -226,7 +226,6 @@ namespace cryptonote
ar.end_array();
END_SERIALIZE()
- private:
static size_t get_signature_size(const txin_v& tx_in);
};
diff --git a/src/cryptonote_core/cryptonote_core.cpp b/src/cryptonote_core/cryptonote_core.cpp
index 964d61e2f..e6aa679d7 100644
--- a/src/cryptonote_core/cryptonote_core.cpp
+++ b/src/cryptonote_core/cryptonote_core.cpp
@@ -191,7 +191,7 @@ namespace cryptonote
return false;
}
- bool r = add_new_tx(tx, tx_hash, tx_prefixt_hash, tx_blob.size(), tvc, keeped_by_block);
+ bool r = add_new_tx(tx, tx_hash, tx_prefixt_hash, tvc, keeped_by_block);
if(tvc.m_verifivation_failed)
{LOG_PRINT_RED_L1("Transaction verification failed: " << tx_hash);}
else if(tvc.m_verifivation_impossible)
@@ -284,7 +284,7 @@ namespace cryptonote
crypto::hash tx_prefix_hash = get_transaction_prefix_hash(tx);
blobdata bl;
t_serializable_object_to_blob(tx, bl);
- return add_new_tx(tx, tx_hash, tx_prefix_hash, bl.size(), tvc, keeped_by_block);
+ return add_new_tx(tx, tx_hash, tx_prefix_hash, tvc, keeped_by_block);
}
//-----------------------------------------------------------------------------------------------
size_t core::get_blockchain_total_transactions()
@@ -297,7 +297,7 @@ namespace cryptonote
// return m_blockchain_storage.get_outs(amount, pkeys);
//}
//-----------------------------------------------------------------------------------------------
- bool core::add_new_tx(const transaction& tx, const crypto::hash& tx_hash, const crypto::hash& tx_prefix_hash, size_t blob_size, tx_verification_context& tvc, bool keeped_by_block)
+ bool core::add_new_tx(const transaction& tx, const crypto::hash& tx_hash, const crypto::hash& tx_prefix_hash, tx_verification_context& tvc, bool keeped_by_block)
{
if(m_mempool.have_tx(tx_hash))
{
@@ -311,7 +311,7 @@ namespace cryptonote
return true;
}
- return m_mempool.add_tx(tx, tx_hash, blob_size, tvc, keeped_by_block);
+ return m_mempool.add_tx(tx, tx_hash, tvc, keeped_by_block);
}
//-----------------------------------------------------------------------------------------------
bool core::get_block_template(block& b, const account_public_address& adr, difficulty_type& diffic, uint64_t& height, const blobdata& ex_nonce)
diff --git a/src/cryptonote_core/cryptonote_core.h b/src/cryptonote_core/cryptonote_core.h
index ba2aed015..e9ab20114 100644
--- a/src/cryptonote_core/cryptonote_core.h
+++ b/src/cryptonote_core/cryptonote_core.h
@@ -120,7 +120,7 @@ namespace cryptonote
uint64_t get_target_blockchain_height() const;
private:
- bool add_new_tx(const transaction& tx, const crypto::hash& tx_hash, const crypto::hash& tx_prefix_hash, size_t blob_size, tx_verification_context& tvc, bool keeped_by_block);
+ bool add_new_tx(const transaction& tx, const crypto::hash& tx_hash, const crypto::hash& tx_prefix_hash, tx_verification_context& tvc, bool keeped_by_block);
bool add_new_tx(const transaction& tx, tx_verification_context& tvc, bool keeped_by_block);
bool add_new_block(const block& b, block_verification_context& bvc);
bool load_state_data();
diff --git a/src/cryptonote_core/cryptonote_format_utils.cpp b/src/cryptonote_core/cryptonote_format_utils.cpp
index 33cad30c4..e46bd390d 100644
--- a/src/cryptonote_core/cryptonote_format_utils.cpp
+++ b/src/cryptonote_core/cryptonote_format_utils.cpp
@@ -742,6 +742,23 @@ namespace cryptonote
return true;
}
//---------------------------------------------------------------
+ size_t get_object_blobsize(const transaction& t)
+ {
+ size_t prefix_blob = get_object_blobsize(static_cast<const transaction_prefix&>(t));
+
+ if(is_coinbase(t))
+ return prefix_blob;
+
+ for(const auto& in: t.vin)
+ {
+ size_t sig_count = transaction::get_signature_size(in);
+ prefix_blob += 64*sig_count;
+ prefix_blob += tools::get_varint_packed_size(sig_count);
+ }
+ prefix_blob += tools::get_varint_packed_size(t.vin.size());
+ return prefix_blob;
+ }
+ //---------------------------------------------------------------
blobdata block_to_blob(const block& b)
{
return t_serializable_object_to_blob(b);
diff --git a/src/cryptonote_core/cryptonote_format_utils.h b/src/cryptonote_core/cryptonote_format_utils.h
index 9fa7f0545..58186b8cf 100644
--- a/src/cryptonote_core/cryptonote_format_utils.h
+++ b/src/cryptonote_core/cryptonote_format_utils.h
@@ -157,6 +157,8 @@ namespace cryptonote
return b.size();
}
//---------------------------------------------------------------
+ size_t get_object_blobsize(const transaction& t);
+ //---------------------------------------------------------------
template<class t_object>
bool get_object_hash(const t_object& o, crypto::hash& res, size_t& blob_size)
{
diff --git a/src/cryptonote_core/tx_pool.cpp b/src/cryptonote_core/tx_pool.cpp
index 81f932014..3764cfe77 100644
--- a/src/cryptonote_core/tx_pool.cpp
+++ b/src/cryptonote_core/tx_pool.cpp
@@ -59,9 +59,9 @@ namespace cryptonote
}
//---------------------------------------------------------------------------------
- bool tx_memory_pool::add_tx(const transaction &tx, /*const crypto::hash& tx_prefix_hash,*/ const crypto::hash &id, size_t blob_size, tx_verification_context& tvc, bool kept_by_block)
+ bool tx_memory_pool::add_tx(const transaction &tx, const crypto::hash &id, tx_verification_context& tvc, bool kept_by_block)
{
-
+ size_t blob_size = get_object_blobsize(tx);
if(!check_inputs_types_supported(tx))
{
@@ -179,9 +179,8 @@ namespace cryptonote
bool tx_memory_pool::add_tx(const transaction &tx, tx_verification_context& tvc, bool keeped_by_block)
{
crypto::hash h = null_hash;
- size_t blob_size = 0;
- get_transaction_hash(tx, h, blob_size);
- return add_tx(tx, h, blob_size, tvc, keeped_by_block);
+ get_transaction_hash(tx, h);
+ return add_tx(tx, h, tvc, keeped_by_block);
}
//---------------------------------------------------------------------------------
bool tx_memory_pool::remove_transaction_keyimages(const transaction& tx)
diff --git a/src/cryptonote_core/tx_pool.h b/src/cryptonote_core/tx_pool.h
index 7617765cc..fb623a3d2 100644
--- a/src/cryptonote_core/tx_pool.h
+++ b/src/cryptonote_core/tx_pool.h
@@ -56,7 +56,7 @@ namespace cryptonote
{
public:
tx_memory_pool(blockchain_storage& bchs);
- bool add_tx(const transaction &tx, const crypto::hash &id, size_t blob_size, tx_verification_context& tvc, bool keeped_by_block);
+ bool add_tx(const transaction &tx, const crypto::hash &id, tx_verification_context& tvc, bool keeped_by_block);
bool add_tx(const transaction &tx, tx_verification_context& tvc, bool keeped_by_block);
//gets tx and remove it from pool
bool take_tx(const crypto::hash &id, transaction &tx, size_t& blob_size, uint64_t& fee);
@@ -81,7 +81,7 @@ namespace cryptonote
/*bool flush_pool(const std::strig& folder);
bool inflate_pool(const std::strig& folder);*/
-#define CURRENT_MEMPOOL_ARCHIVE_VER 8
+#define CURRENT_MEMPOOL_ARCHIVE_VER 9
template<class archive_t>
void serialize(archive_t & a, const unsigned int version)
diff --git a/tests/unit_tests/serialization.cpp b/tests/unit_tests/serialization.cpp
index 4a254b5a4..3ae5bcdf6 100644
--- a/tests/unit_tests/serialization.cpp
+++ b/tests/unit_tests/serialization.cpp
@@ -299,6 +299,37 @@ namespace
}
}
+bool test_get_varint_packed_size_for_num(uint64_t n)
+{
+std::stringstream ss;
+typedef std::ostreambuf_iterator<char> it;
+tools::write_varint(it(ss), n);
+uint64_t sz = ss.str().size();
+if(sz != tools::get_varint_packed_size(n))
+return false;
+else
+return true;
+}
+TEST(Serialization, validate_get_varint_packed_size)
+{
+ASSERT_TRUE(test_get_varint_packed_size_for_num(127));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(128));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(16383));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(16383+1));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(2097151));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(2097151+1));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(268435455));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(268435455+1));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(34359738367));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(34359738367+1));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(4398046511103));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(4398046511103+1));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(4398046511103));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(4398046511103+1));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(562949953421311));
+ASSERT_TRUE(test_get_varint_packed_size_for_num(562949953421311+1));
+}
+
TEST(Serialization, serializes_transacion_signatures_correctly)
{
using namespace cryptonote;