From 6137a0b94d86e9f1c3321969da1c74f1d5e72b4f Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Tue, 12 Sep 2017 21:41:30 +0100 Subject: blockchain: reject unsorted ins and outs from v7 This ensures no information is leaked by the ordering --- src/common/apply_permutation.h | 9 +++++++- src/cryptonote_core/blockchain.cpp | 39 ++++++++++++++++++++++++++++++++++ tests/unit_tests/apply_permutation.cpp | 29 +++++++++++++++++++++++++ 3 files changed, 76 insertions(+), 1 deletion(-) diff --git a/src/common/apply_permutation.h b/src/common/apply_permutation.h index 4de224690..4fd952686 100644 --- a/src/common/apply_permutation.h +++ b/src/common/apply_permutation.h @@ -32,12 +32,18 @@ #include #include +#include "misc_log_ex.h" namespace tools { -void apply_permutation(std::vector permutation, const std::function &swap) +template +void apply_permutation(std::vector permutation, const F &swap) { + //sanity check + for (size_t n = 0; n < permutation.size(); ++n) + CHECK_AND_ASSERT_THROW_MES(std::find(permutation.begin(), permutation.end(), n) != permutation.end(), "Bad permutation"); + for (size_t i = 0; i < permutation.size(); ++i) { size_t current = i; @@ -55,6 +61,7 @@ void apply_permutation(std::vector permutation, const std::function void apply_permutation(const std::vector &permutation, std::vector &v) { + CHECK_AND_ASSERT_THROW_MES(permutation.size() == v.size(), "Mismatched vector sizes"); apply_permutation(permutation, [&v](size_t i0, size_t i1){ std::swap(v[i0], v[i1]); }); } diff --git a/src/cryptonote_core/blockchain.cpp b/src/cryptonote_core/blockchain.cpp index 93a4e26f8..c0d142979 100644 --- a/src/cryptonote_core/blockchain.cpp +++ b/src/cryptonote_core/blockchain.cpp @@ -2333,6 +2333,26 @@ bool Blockchain::check_tx_outputs(const transaction& tx, tx_verification_context } } + // from v7, sorted outs + if (m_hardfork->get_current_version() >= 7) { + const crypto::public_key *last_key = NULL; + for (size_t n = 0; n < tx.vout.size(); ++n) + { + const tx_out &o = tx.vout[n]; + if (o.target.type() == typeid(txout_to_key)) + { + const txout_to_key& out_to_key = boost::get(o.target); + if (last_key && memcmp(&out_to_key.key, last_key, sizeof(*last_key)) >= 0) + { + MERROR_VER("transaction has unsorted outputs"); + tvc.m_invalid_output = true; + return false; + } + last_key = &out_to_key.key; + } + } + } + return true; } //------------------------------------------------------------------ @@ -2501,6 +2521,25 @@ bool Blockchain::check_tx_inputs(transaction& tx, tx_verification_context &tvc, } } + // from v7, sorted ins + if (hf_version >= 7) { + const crypto::key_image *last_key_image = NULL; + for (size_t n = 0; n < tx.vin.size(); ++n) + { + const txin_v &txin = tx.vin[n]; + if (txin.type() == typeid(txin_to_key)) + { + const txin_to_key& in_to_key = boost::get(txin); + if (last_key_image && memcmp(&in_to_key.k_image, last_key_image, sizeof(*last_key_image)) >= 0) + { + MERROR_VER("transaction has unsorted inputs"); + tvc.m_verifivation_failed = true; + return false; + } + last_key_image = &in_to_key.k_image; + } + } + } auto it = m_check_txin_table.find(tx_prefix_hash); if(it == m_check_txin_table.end()) { diff --git a/tests/unit_tests/apply_permutation.cpp b/tests/unit_tests/apply_permutation.cpp index 888a00746..a008b74ee 100644 --- a/tests/unit_tests/apply_permutation.cpp +++ b/tests/unit_tests/apply_permutation.cpp @@ -43,3 +43,32 @@ TEST(apply_permutation, reorder) tools::apply_permutation({3, 5, 6, 1, 2, 4, 0}, v); ASSERT_EQ(v, std::vector({1, 2, 4, 4, 6, 7, 8})); } + +TEST(apply_permutation, bad_size) +{ + std::vector v_large = {8, 4, 6, 1, 7, 2, 4, 9}; + std::vector v_small = {8, 4, 6, 1, 7, 2}; + try + { + tools::apply_permutation({3, 5, 6, 1, 2, 4, 0}, v_large); + ASSERT_FALSE(true); + } + catch (const std::exception &e) {} + try + { + tools::apply_permutation({3, 5, 6, 1, 2, 4, 0}, v_small); + ASSERT_FALSE(true); + } + catch (const std::exception &e) {} +} + +TEST(apply_permutation, bad_permutation) +{ + std::vector v = {8, 4, 6, 1, 7, 2, 4}; + try + { + tools::apply_permutation({3, 5, 6, 1, 2, 4, 1}, v); + ASSERT_FALSE(true); + } + catch (const std::exception &e) {} +} -- cgit v1.2.3