From 4e2b2b942daa4206ec44c66e59863670dfe3fde4 Mon Sep 17 00:00:00 2001 From: Riccardo Spagni Date: Wed, 24 Sep 2014 22:28:25 +0200 Subject: low risk, potentially varint overflow bug patched thanks to BBR --- src/cryptonote_core/cryptonote_basic.h | 1 - src/cryptonote_core/cryptonote_core.cpp | 8 ++++---- src/cryptonote_core/cryptonote_core.h | 2 +- src/cryptonote_core/cryptonote_format_utils.cpp | 17 +++++++++++++++++ src/cryptonote_core/cryptonote_format_utils.h | 2 ++ src/cryptonote_core/tx_pool.cpp | 9 ++++----- src/cryptonote_core/tx_pool.h | 4 ++-- 7 files changed, 30 insertions(+), 13 deletions(-) (limited to 'src/cryptonote_core') diff --git a/src/cryptonote_core/cryptonote_basic.h b/src/cryptonote_core/cryptonote_basic.h index dfdfa03e5..fca4e227e 100644 --- a/src/cryptonote_core/cryptonote_basic.h +++ b/src/cryptonote_core/cryptonote_basic.h @@ -226,7 +226,6 @@ namespace cryptonote ar.end_array(); END_SERIALIZE() - private: static size_t get_signature_size(const txin_v& tx_in); }; diff --git a/src/cryptonote_core/cryptonote_core.cpp b/src/cryptonote_core/cryptonote_core.cpp index 964d61e2f..e6aa679d7 100644 --- a/src/cryptonote_core/cryptonote_core.cpp +++ b/src/cryptonote_core/cryptonote_core.cpp @@ -191,7 +191,7 @@ namespace cryptonote return false; } - bool r = add_new_tx(tx, tx_hash, tx_prefixt_hash, tx_blob.size(), tvc, keeped_by_block); + bool r = add_new_tx(tx, tx_hash, tx_prefixt_hash, tvc, keeped_by_block); if(tvc.m_verifivation_failed) {LOG_PRINT_RED_L1("Transaction verification failed: " << tx_hash);} else if(tvc.m_verifivation_impossible) @@ -284,7 +284,7 @@ namespace cryptonote crypto::hash tx_prefix_hash = get_transaction_prefix_hash(tx); blobdata bl; t_serializable_object_to_blob(tx, bl); - return add_new_tx(tx, tx_hash, tx_prefix_hash, bl.size(), tvc, keeped_by_block); + return add_new_tx(tx, tx_hash, tx_prefix_hash, tvc, keeped_by_block); } //----------------------------------------------------------------------------------------------- size_t core::get_blockchain_total_transactions() @@ -297,7 +297,7 @@ namespace cryptonote // return m_blockchain_storage.get_outs(amount, pkeys); //} //----------------------------------------------------------------------------------------------- - bool core::add_new_tx(const transaction& tx, const crypto::hash& tx_hash, const crypto::hash& tx_prefix_hash, size_t blob_size, tx_verification_context& tvc, bool keeped_by_block) + bool core::add_new_tx(const transaction& tx, const crypto::hash& tx_hash, const crypto::hash& tx_prefix_hash, tx_verification_context& tvc, bool keeped_by_block) { if(m_mempool.have_tx(tx_hash)) { @@ -311,7 +311,7 @@ namespace cryptonote return true; } - return m_mempool.add_tx(tx, tx_hash, blob_size, tvc, keeped_by_block); + return m_mempool.add_tx(tx, tx_hash, tvc, keeped_by_block); } //----------------------------------------------------------------------------------------------- bool core::get_block_template(block& b, const account_public_address& adr, difficulty_type& diffic, uint64_t& height, const blobdata& ex_nonce) diff --git a/src/cryptonote_core/cryptonote_core.h b/src/cryptonote_core/cryptonote_core.h index ba2aed015..e9ab20114 100644 --- a/src/cryptonote_core/cryptonote_core.h +++ b/src/cryptonote_core/cryptonote_core.h @@ -120,7 +120,7 @@ namespace cryptonote uint64_t get_target_blockchain_height() const; private: - bool add_new_tx(const transaction& tx, const crypto::hash& tx_hash, const crypto::hash& tx_prefix_hash, size_t blob_size, tx_verification_context& tvc, bool keeped_by_block); + bool add_new_tx(const transaction& tx, const crypto::hash& tx_hash, const crypto::hash& tx_prefix_hash, tx_verification_context& tvc, bool keeped_by_block); bool add_new_tx(const transaction& tx, tx_verification_context& tvc, bool keeped_by_block); bool add_new_block(const block& b, block_verification_context& bvc); bool load_state_data(); diff --git a/src/cryptonote_core/cryptonote_format_utils.cpp b/src/cryptonote_core/cryptonote_format_utils.cpp index 33cad30c4..e46bd390d 100644 --- a/src/cryptonote_core/cryptonote_format_utils.cpp +++ b/src/cryptonote_core/cryptonote_format_utils.cpp @@ -742,6 +742,23 @@ namespace cryptonote return true; } //--------------------------------------------------------------- + size_t get_object_blobsize(const transaction& t) + { + size_t prefix_blob = get_object_blobsize(static_cast(t)); + + if(is_coinbase(t)) + return prefix_blob; + + for(const auto& in: t.vin) + { + size_t sig_count = transaction::get_signature_size(in); + prefix_blob += 64*sig_count; + prefix_blob += tools::get_varint_packed_size(sig_count); + } + prefix_blob += tools::get_varint_packed_size(t.vin.size()); + return prefix_blob; + } + //--------------------------------------------------------------- blobdata block_to_blob(const block& b) { return t_serializable_object_to_blob(b); diff --git a/src/cryptonote_core/cryptonote_format_utils.h b/src/cryptonote_core/cryptonote_format_utils.h index 9fa7f0545..58186b8cf 100644 --- a/src/cryptonote_core/cryptonote_format_utils.h +++ b/src/cryptonote_core/cryptonote_format_utils.h @@ -157,6 +157,8 @@ namespace cryptonote return b.size(); } //--------------------------------------------------------------- + size_t get_object_blobsize(const transaction& t); + //--------------------------------------------------------------- template bool get_object_hash(const t_object& o, crypto::hash& res, size_t& blob_size) { diff --git a/src/cryptonote_core/tx_pool.cpp b/src/cryptonote_core/tx_pool.cpp index 81f932014..3764cfe77 100644 --- a/src/cryptonote_core/tx_pool.cpp +++ b/src/cryptonote_core/tx_pool.cpp @@ -59,9 +59,9 @@ namespace cryptonote } //--------------------------------------------------------------------------------- - bool tx_memory_pool::add_tx(const transaction &tx, /*const crypto::hash& tx_prefix_hash,*/ const crypto::hash &id, size_t blob_size, tx_verification_context& tvc, bool kept_by_block) + bool tx_memory_pool::add_tx(const transaction &tx, const crypto::hash &id, tx_verification_context& tvc, bool kept_by_block) { - + size_t blob_size = get_object_blobsize(tx); if(!check_inputs_types_supported(tx)) { @@ -179,9 +179,8 @@ namespace cryptonote bool tx_memory_pool::add_tx(const transaction &tx, tx_verification_context& tvc, bool keeped_by_block) { crypto::hash h = null_hash; - size_t blob_size = 0; - get_transaction_hash(tx, h, blob_size); - return add_tx(tx, h, blob_size, tvc, keeped_by_block); + get_transaction_hash(tx, h); + return add_tx(tx, h, tvc, keeped_by_block); } //--------------------------------------------------------------------------------- bool tx_memory_pool::remove_transaction_keyimages(const transaction& tx) diff --git a/src/cryptonote_core/tx_pool.h b/src/cryptonote_core/tx_pool.h index 7617765cc..fb623a3d2 100644 --- a/src/cryptonote_core/tx_pool.h +++ b/src/cryptonote_core/tx_pool.h @@ -56,7 +56,7 @@ namespace cryptonote { public: tx_memory_pool(blockchain_storage& bchs); - bool add_tx(const transaction &tx, const crypto::hash &id, size_t blob_size, tx_verification_context& tvc, bool keeped_by_block); + bool add_tx(const transaction &tx, const crypto::hash &id, tx_verification_context& tvc, bool keeped_by_block); bool add_tx(const transaction &tx, tx_verification_context& tvc, bool keeped_by_block); //gets tx and remove it from pool bool take_tx(const crypto::hash &id, transaction &tx, size_t& blob_size, uint64_t& fee); @@ -81,7 +81,7 @@ namespace cryptonote /*bool flush_pool(const std::strig& folder); bool inflate_pool(const std::strig& folder);*/ -#define CURRENT_MEMPOOL_ARCHIVE_VER 8 +#define CURRENT_MEMPOOL_ARCHIVE_VER 9 template void serialize(archive_t & a, const unsigned int version) -- cgit v1.2.3