aboutsummaryrefslogtreecommitdiff
path: root/tests/fuzz/cold-transaction.cpp
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2020-06-24 23:26:58 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2020-08-17 16:23:58 +0000
commit7175dcb1078abbdaa130a8c5f5fd2b93fa7b3086 (patch)
tree640b83c4101dc992151630a76a13597913d2dd08 /tests/fuzz/cold-transaction.cpp
parentMerge pull request #6736 (diff)
downloadmonero-7175dcb1078abbdaa130a8c5f5fd2b93fa7b3086.tar.xz
replace most boost serialization with existing monero serialization
This reduces the attack surface for data that can come from malicious sources (exported output and key images, multisig transactions...) since the monero serialization is already exposed to the outside, and the boost lib we were using had a few known crashers. For interoperability, a new load-deprecated-formats wallet setting is added (off by default). This allows loading boost format data if there is no alternative. It will likely go at some point, along with the ability to load those. Notably, the peer lists file still uses the boost serialization code, as the data it stores is define in epee, while the new serialization code is in monero, and migrating it was fairly hairy. Since this file is local and not obtained from anyone else, the marginal risk is minimal, but it could be migrated later if needed. Some tests and tools also do, this will stay as is for now.
Diffstat (limited to 'tests/fuzz/cold-transaction.cpp')
-rw-r--r--tests/fuzz/cold-transaction.cpp8
1 files changed, 4 insertions, 4 deletions
diff --git a/tests/fuzz/cold-transaction.cpp b/tests/fuzz/cold-transaction.cpp
index 36fb35e15..135343704 100644
--- a/tests/fuzz/cold-transaction.cpp
+++ b/tests/fuzz/cold-transaction.cpp
@@ -40,7 +40,7 @@ BEGIN_INIT_SIMPLE_FUZZER()
static tools::wallet2 local_wallet;
wallet = &local_wallet;
- static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f";
+ static const char * const spendkey_hex = "f285d4ac9e66271256fc7cde0d3d6b36f66efff6ccd766706c408e86f4997a0d";
crypto::secret_key spendkey;
epee::string_tools::hex_to_pod(spendkey_hex, spendkey);
@@ -50,12 +50,12 @@ BEGIN_INIT_SIMPLE_FUZZER()
END_INIT_SIMPLE_FUZZER()
BEGIN_SIMPLE_FUZZER()
- std::string s = std::string("\x01\x16serialization::archive") + std::string((const char*)buf, len);
+ std::string s((const char*)buf, len);
tools::wallet2::unsigned_tx_set exported_txs;
std::stringstream iss;
iss << s;
- boost::archive::portable_binary_iarchive ar(iss);
- ar >> exported_txs;
+ binary_archive<false> ar(iss);
+ ::serialization::serialize(ar, exported_txs);
std::vector<tools::wallet2::pending_tx> ptx;
bool success = wallet->sign_tx(exported_txs, "/tmp/cold-transaction-test-signed", ptx);
std::cout << (success ? "signed" : "error") << std::endl;