simplewallet: validate hex input size

author: moneromooo-monero <moneromooo-monero@users.noreply.github.com> 2017-02-14 19:35:44 +0000
committer: moneromooo-monero <moneromooo-monero@users.noreply.github.com> 2017-02-14 19:45:46 +0000
commit: 83ec209f42f02deab973254231efeb794edf2c16 (patch)
tree: 32ed00a75bce1b2f3c6611400dca7a2537367351 /src/wallet
parent: Merge pull request #1719 (diff)
download: monero-83ec209f42f02deab973254231efeb794edf2c16.tar.xz
4 files changed, 12 insertions, 12 deletions
diff --git a/src/wallet/api/wallet.cpp b/src/wallet/api/wallet.cpp
index c46de6b06..326ca26a0 100644
--- a/src/wallet/api/wallet.cpp
+++ b/src/wallet/api/wallet.cpp
@@ -1157,7 +1157,7 @@ void WalletImpl::setDefaultMixin(uint32_t arg)
 bool WalletImpl::setUserNote(const std::string &txid, const std::string &note)
 {
     cryptonote::blobdata txid_data;
-    if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data))
+    if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data) || txid_data.size() != sizeof(crypto::hash))
       return false;
     const crypto::hash htxid = *reinterpret_cast<const crypto::hash*>(txid_data.data());
 
@@ -1168,7 +1168,7 @@ bool WalletImpl::setUserNote(const std::string &txid, const std::string &note)
 std::string WalletImpl::getUserNote(const std::string &txid) const
 {
     cryptonote::blobdata txid_data;
-    if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data))
+    if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data) || txid_data.size() != sizeof(crypto::hash))
       return "";
     const crypto::hash htxid = *reinterpret_cast<const crypto::hash*>(txid_data.data());
 
@@ -1178,7 +1178,7 @@ std::string WalletImpl::getUserNote(const std::string &txid) const
 std::string WalletImpl::getTxKey(const std::string &txid) const
 {
     cryptonote::blobdata txid_data;
-    if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data))
+    if(!epee::string_tools::parse_hexstr_to_binbuff(txid, txid_data) || txid_data.size() != sizeof(crypto::hash))
     {
       return "";
     }
diff --git a/src/wallet/api/wallet_manager.cpp b/src/wallet/api/wallet_manager.cpp
index 4104e7884..6feec75bd 100644
--- a/src/wallet/api/wallet_manager.cpp
+++ b/src/wallet/api/wallet_manager.cpp
@@ -182,7 +182,7 @@ bool WalletManagerImpl::checkPayment(const std::string &address_text, const std:
 {
   error = "";
   cryptonote::blobdata txid_data;
-  if(!epee::string_tools::parse_hexstr_to_binbuff(txid_text, txid_data))
+  if(!epee::string_tools::parse_hexstr_to_binbuff(txid_text, txid_data) || txid_data.size() != sizeof(crypto::hash))
   {
     error = tr("failed to parse txid");
     return false;
@@ -196,7 +196,7 @@ bool WalletManagerImpl::checkPayment(const std::string &address_text, const std:
   }
   crypto::secret_key tx_key;
   cryptonote::blobdata tx_key_data;
-  if(!epee::string_tools::parse_hexstr_to_binbuff(txkey_text, tx_key_data))
+  if(!epee::string_tools::parse_hexstr_to_binbuff(txkey_text, tx_key_data) || tx_key_data.size() != sizeof(crypto::hash))
   {
     error = tr("failed to parse tx key");
     return false;
diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index e7a175dc7..250210cb0 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -251,7 +251,7 @@ std::unique_ptr<tools::wallet2> generate_from_json(const std::string& json_file,
     if (field_viewkey_found)
     {
       cryptonote::blobdata viewkey_data;
-      if(!epee::string_tools::parse_hexstr_to_binbuff(field_viewkey, viewkey_data))
+      if(!epee::string_tools::parse_hexstr_to_binbuff(field_viewkey, viewkey_data) || viewkey_data.size() != sizeof(crypto::secret_key))
       {
         tools::fail_msg_writer() << tools::wallet2::tr("failed to parse view key secret key");
         return false;
@@ -269,7 +269,7 @@ std::unique_ptr<tools::wallet2> generate_from_json(const std::string& json_file,
     if (field_spendkey_found)
     {
       cryptonote::blobdata spendkey_data;
-      if(!epee::string_tools::parse_hexstr_to_binbuff(field_spendkey, spendkey_data))
+      if(!epee::string_tools::parse_hexstr_to_binbuff(field_spendkey, spendkey_data) || spendkey_data.size() != sizeof(crypto::secret_key))
       {
         tools::fail_msg_writer() << tools::wallet2::tr("failed to parse spend key secret key");
         return false;
@@ -1456,7 +1456,7 @@ void wallet2::update_pool_state()
   for (auto it: res.transactions)
   {
     cryptonote::blobdata txid_data;
-    if(epee::string_tools::parse_hexstr_to_binbuff(it.id_hash, txid_data))
+    if(epee::string_tools::parse_hexstr_to_binbuff(it.id_hash, txid_data) && txid_data.size() == sizeof(crypto::hash))
     {
       const crypto::hash txid = *reinterpret_cast<const crypto::hash*>(txid_data.data());
       if (m_unconfirmed_payments.find(txid) == m_unconfirmed_payments.end())
diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp
index 881279e42..ee50c3cdb 100644
--- a/src/wallet/wallet_rpc_server.cpp
+++ b/src/wallet/wallet_rpc_server.cpp
@@ -983,7 +983,7 @@ namespace tools
     while (i != req.txids.end())
     {
       cryptonote::blobdata txid_blob;
-      if(!epee::string_tools::parse_hexstr_to_binbuff(*i++, txid_blob))
+      if(!epee::string_tools::parse_hexstr_to_binbuff(*i++, txid_blob) || txid_blob.size() != sizeof(crypto::hash))
       {
         er.code = WALLET_RPC_ERROR_CODE_WRONG_TXID;
         er.message = "TX ID has invalid format";
@@ -1013,7 +1013,7 @@ namespace tools
     while (i != req.txids.end())
     {
       cryptonote::blobdata txid_blob;
-      if(!epee::string_tools::parse_hexstr_to_binbuff(*i++, txid_blob))
+      if(!epee::string_tools::parse_hexstr_to_binbuff(*i++, txid_blob) || txid_blob.size() != sizeof(crypto::hash))
       {
         er.code = WALLET_RPC_ERROR_CODE_WRONG_TXID;
         er.message = "TX ID has invalid format";
@@ -1206,7 +1206,7 @@ namespace tools
       {
         cryptonote::blobdata bd;
 
-        if(!epee::string_tools::parse_hexstr_to_binbuff(req.signed_key_images[n].key_image, bd))
+        if(!epee::string_tools::parse_hexstr_to_binbuff(req.signed_key_images[n].key_image, bd) || bd.size() != sizeof(crypto::key_image))
         {
           er.code = WALLET_RPC_ERROR_CODE_WRONG_KEY_IMAGE;
           er.message = "failed to parse key image";
@@ -1214,7 +1214,7 @@ namespace tools
         }
         ski[n].first = *reinterpret_cast<const crypto::key_image*>(bd.data());
 
-        if(!epee::string_tools::parse_hexstr_to_binbuff(req.signed_key_images[n].signature, bd))
+        if(!epee::string_tools::parse_hexstr_to_binbuff(req.signed_key_images[n].signature, bd) || bd.size() != sizeof(crypto::signature))
         {
           er.code = WALLET_RPC_ERROR_CODE_WRONG_SIGNATURE;
           er.message = "failed to parse signature";
author	moneromooo-monero <moneromooo-monero@users.noreply.github.com>	2017-02-14 19:35:44 +0000
committer	moneromooo-monero <moneromooo-monero@users.noreply.github.com>	2017-02-14 19:45:46 +0000
commit	83ec209f42f02deab973254231efeb794edf2c16 (patch)
tree	32ed00a75bce1b2f3c6611400dca7a2537367351 /src/wallet
parent	Merge pull request #1719 (diff)
download	monero-83ec209f42f02deab973254231efeb794edf2c16.tar.xz