aboutsummaryrefslogtreecommitdiff
path: root/src/wallet
diff options
context:
space:
mode:
authorRiccardo Spagni <ric@spagni.net>2017-01-08 16:37:11 -0800
committerRiccardo Spagni <ric@spagni.net>2017-01-08 16:37:11 -0800
commit06de09daf4e7f63348d401a1e615762a24547979 (patch)
treefc0fa3fd02d37169ca586c0cd40554fe2a0f4d94 /src/wallet
parentMerge pull request #1500 (diff)
parentwallet2: check the node returned the real output when requested (diff)
downloadmonero-06de09daf4e7f63348d401a1e615762a24547979.tar.xz
Merge pull request #1501
cebae0c5 wallet2: check the node returned the real output when requested (moneromooo-monero)
Diffstat (limited to 'src/wallet')
-rw-r--r--src/wallet/wallet2.cpp17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 28702ca25..e0a3a23bd 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -3453,6 +3453,23 @@ void wallet2::get_outs(std::vector<std::vector<entry>> &outs, const std::list<si
outs.back().reserve(fake_outputs_count + 1);
const rct::key mask = td.is_rct() ? rct::commit(td.amount(), td.m_mask) : rct::zeroCommit(td.amount());
+ // make sure the real outputs we asked for are really included, along
+ // with the correct key and mask: this guards against an active attack
+ // where the node sends dummy data for all outputs, and we then send
+ // the real one, which the node can then tell from the fake outputs,
+ // as it has different data than the dummy data it had sent earlier
+ bool real_out_found = false;
+ for (size_t n = 0; n < requested_outputs_count; ++n)
+ {
+ size_t i = base + n;
+ if (req.outputs[i].index == td.m_global_output_index)
+ if (daemon_resp.outs[i].key == boost::get<txout_to_key>(td.m_tx.vout[td.m_internal_output_index].target).key)
+ if (daemon_resp.outs[i].mask == mask)
+ real_out_found = true;
+ }
+ THROW_WALLET_EXCEPTION_IF(!real_out_found, error::wallet_internal_error,
+ "Daemon response did not include the requested real output");
+
// pick real out first (it will be sorted when done)
outs.back().push_back(std::make_tuple(td.m_global_output_index, boost::get<txout_to_key>(td.m_tx.vout[td.m_internal_output_index].target).key, mask));