bitcoin-tx: Fix missing range check

The number of arguments is not checked MutateTxAddOutAddr(..), meaning that > ./bitcoin-tx -create outaddr= accessed the vStrInputParts vector beyond its bounds. This also includes work by jnewbery to check the inputs for MutateTxAddPubKey()
author: Awemany <awemany@protonmail.com> 2017-03-28 14:52:59 +0200
committer: John Newbery <john@johnnewbery.com> 2017-03-30 15:35:24 -0400
commit: eb66bf9bdd5ae20c546314eb2c494ac09929970f (patch)
tree: 81cd3c48c008fffb42e3722e79ccb7668fb9aea4 /src/bitcoin-tx.cpp
parent: 0b9fb682890b8fe10cec54072b809a5efe57d33d (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/bitcoin-tx.cpp b/src/bitcoin-tx.cpp
index 61e0eb74e6..83b855cbcf 100644
--- a/src/bitcoin-tx.cpp
+++ b/src/bitcoin-tx.cpp
@@ -242,6 +242,9 @@ static void MutateTxAddOutAddr(CMutableTransaction& tx, const std::string& strIn
     std::vector<std::string> vStrInputParts;
     boost::split(vStrInputParts, strInput, boost::is_any_of(":"));
 
+    if (vStrInputParts.size() != 2)
+        throw std::runtime_error("TX output missing or too many separators");
+
     // Extract and validate VALUE
     CAmount value = ExtractAndValidateValue(vStrInputParts[0]);
 
@@ -264,6 +267,9 @@ static void MutateTxAddOutPubKey(CMutableTransaction& tx, const std::string& str
     std::vector<std::string> vStrInputParts;
     boost::split(vStrInputParts, strInput, boost::is_any_of(":"));
 
+    if (vStrInputParts.size() < 2 || vStrInputParts.size() > 3)
+        throw std::runtime_error("TX output missing or too many separators");
+
     // Extract and validate VALUE
     CAmount value = ExtractAndValidateValue(vStrInputParts[0]);
author	Awemany <awemany@protonmail.com>	2017-03-28 14:52:59 +0200
committer	John Newbery <john@johnnewbery.com>	2017-03-30 15:35:24 -0400
commit	eb66bf9bdd5ae20c546314eb2c494ac09929970f (patch)
tree	81cd3c48c008fffb42e3722e79ccb7668fb9aea4 /src/bitcoin-tx.cpp
parent	0b9fb682890b8fe10cec54072b809a5efe57d33d (diff)