diff options
| author | Awemany <[email protected]> | 2017-03-28 14:52:59 +0200 |
|---|---|---|
| committer | John Newbery <[email protected]> | 2017-03-30 15:35:24 -0400 |
| commit | eb66bf9bdd5ae20c546314eb2c494ac09929970f (patch) | |
| tree | 81cd3c48c008fffb42e3722e79ccb7668fb9aea4 /src | |
| parent | Merge #10105: [tests] fixup - make all Travis test runs quiet, non just cron ... (diff) | |
| download | discoin-eb66bf9bdd5ae20c546314eb2c494ac09929970f.tar.xz discoin-eb66bf9bdd5ae20c546314eb2c494ac09929970f.zip | |
bitcoin-tx: Fix missing range check
The number of arguments is not checked MutateTxAddOutAddr(..), meaning
that
> ./bitcoin-tx -create outaddr=
accessed the vStrInputParts vector beyond its bounds.
This also includes work by jnewbery to check the inputs for
MutateTxAddPubKey()
Diffstat (limited to 'src')
| -rw-r--r-- | src/bitcoin-tx.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/bitcoin-tx.cpp b/src/bitcoin-tx.cpp index 61e0eb74e..83b855cbc 100644 --- a/src/bitcoin-tx.cpp +++ b/src/bitcoin-tx.cpp @@ -242,6 +242,9 @@ static void MutateTxAddOutAddr(CMutableTransaction& tx, const std::string& strIn std::vector<std::string> vStrInputParts; boost::split(vStrInputParts, strInput, boost::is_any_of(":")); + if (vStrInputParts.size() != 2) + throw std::runtime_error("TX output missing or too many separators"); + // Extract and validate VALUE CAmount value = ExtractAndValidateValue(vStrInputParts[0]); @@ -264,6 +267,9 @@ static void MutateTxAddOutPubKey(CMutableTransaction& tx, const std::string& str std::vector<std::string> vStrInputParts; boost::split(vStrInputParts, strInput, boost::is_any_of(":")); + if (vStrInputParts.size() < 2 || vStrInputParts.size() > 3) + throw std::runtime_error("TX output missing or too many separators"); + // Extract and validate VALUE CAmount value = ExtractAndValidateValue(vStrInputParts[0]); |