diff options
author | Awemany <awemany@protonmail.com> | 2017-03-28 14:52:59 +0200 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2017-03-31 11:47:50 +0200 |
commit | 04c21afcdf0ed664c1fddff17d066cc2de552b54 (patch) | |
tree | 8b07ab28f841dfc1329bae050620b92b67baccb5 | |
parent | b768202695a090a48b77ce9873267d5ec29b8845 (diff) | |
download | bitcoin-04c21afcdf0ed664c1fddff17d066cc2de552b54.tar.xz |
bitcoin-tx: Fix missing range check
The number of arguments is not checked MutateTxAddOutAddr(..), meaning
that
> ./bitcoin-tx -create outaddr=
accessed the vStrInputParts vector beyond its bounds.
This also includes work by jnewbery to check the inputs for
MutateTxAddPubKey()
Github-Pull: #10130
Rebased-From: eb66bf9bdd5ae20c546314eb2c494ac09929970f
-rw-r--r-- | src/bitcoin-tx.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/bitcoin-tx.cpp b/src/bitcoin-tx.cpp index 3c3646523a..43fa3fdfb9 100644 --- a/src/bitcoin-tx.cpp +++ b/src/bitcoin-tx.cpp @@ -242,6 +242,9 @@ static void MutateTxAddOutAddr(CMutableTransaction& tx, const std::string& strIn std::vector<std::string> vStrInputParts; boost::split(vStrInputParts, strInput, boost::is_any_of(":")); + if (vStrInputParts.size() != 2) + throw std::runtime_error("TX output missing or too many separators"); + // Extract and validate VALUE CAmount value = ExtractAndValidateValue(vStrInputParts[0]); @@ -264,6 +267,9 @@ static void MutateTxAddOutPubKey(CMutableTransaction& tx, const std::string& str std::vector<std::string> vStrInputParts; boost::split(vStrInputParts, strInput, boost::is_any_of(":")); + if (vStrInputParts.size() < 2 || vStrInputParts.size() > 3) + throw std::runtime_error("TX output missing or too many separators"); + // Extract and validate VALUE CAmount value = ExtractAndValidateValue(vStrInputParts[0]); |