diff options
author | luigi1111 <luigi1111w@gmail.com> | 2021-11-26 23:05:31 -0600 |
---|---|---|
committer | luigi1111 <luigi1111w@gmail.com> | 2021-11-26 23:05:31 -0600 |
commit | 105e2304a2b6344cbfeb382d0e8950de7f7385e0 (patch) | |
tree | e95d7315781c56b3f343e1b252974621b02e553a | |
parent | Merge pull request #8071 (diff) | |
parent | rpc: fix DoS vector in get_output_distribution (diff) | |
download | monero-105e2304a2b6344cbfeb382d0e8950de7f7385e0.tar.xz |
Merge pull request #8083
e8e507f rpc: fix DoS vector in get_output_distribution (moneromooo-monero)
-rw-r--r-- | src/rpc/core_rpc_server.cpp | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp index 28ea03d28..98faac68b 100644 --- a/src/rpc/core_rpc_server.cpp +++ b/src/rpc/core_rpc_server.cpp @@ -3201,6 +3201,14 @@ namespace cryptonote if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_OUTPUT_DISTRIBUTION>(invoke_http_mode::JON_RPC, "get_output_distribution", req, res, r)) return r; + const bool restricted = m_restricted && ctx; + if (restricted && req.amounts != std::vector<uint64_t>(1, 0)) + { + error_resp.code = CORE_RPC_ERROR_CODE_RESTRICTED; + error_resp.message = "Restricted RPC can only get output distribution for rct outputs. Use your own node."; + return false; + } + size_t n_0 = 0, n_non0 = 0; for (uint64_t amount: req.amounts) if (amount) ++n_non0; else ++n_0; @@ -3242,6 +3250,13 @@ namespace cryptonote if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_OUTPUT_DISTRIBUTION>(invoke_http_mode::BIN, "/get_output_distribution.bin", req, res, r)) return r; + const bool restricted = m_restricted && ctx; + if (restricted && req.amounts != std::vector<uint64_t>(1, 0)) + { + res.status = "Restricted RPC can only get output distribution for rct outputs. Use your own node."; + return false; + } + size_t n_0 = 0, n_non0 = 0; for (uint64_t amount: req.amounts) if (amount) ++n_non0; else ++n_0; |