aboutsummaryrefslogtreecommitdiff
path: root/src/qt/paymentserver.cpp
diff options
context:
space:
mode:
authorPhilip Kaufmann <phil.kaufmann@t-online.de>2014-11-19 12:53:57 +0100
committerPhilip Kaufmann <phil.kaufmann@t-online.de>2014-12-08 16:08:59 +0100
commit31f84944a5f6f1aa07e36e7700e9ab16be88aa42 (patch)
treeff034e37cefcb11bfabf34d3a2bb354efee0ca3c /src/qt/paymentserver.cpp
parent2284ccbd13f145e913e2a77ba5ddd04d995bce14 (diff)
[Qt] add BIP70 payment request size DoS protection for URIs
- current code only does this for payment request files, which are used on Mac - also rename readPaymentRequest to readPaymentRequestFromFile, so it's obvious that function only handles payment request files and not URIs - small logging changes in readPaymentRequestFromFile
Diffstat (limited to 'src/qt/paymentserver.cpp')
-rw-r--r--src/qt/paymentserver.cpp44
1 files changed, 32 insertions, 12 deletions
diff --git a/src/qt/paymentserver.cpp b/src/qt/paymentserver.cpp
index 95f7937552..d6e396b211 100644
--- a/src/qt/paymentserver.cpp
+++ b/src/qt/paymentserver.cpp
@@ -226,7 +226,7 @@ void PaymentServer::ipcParseCommandLine(int argc, char* argv[])
savedPaymentRequests.append(arg);
PaymentRequestPlus request;
- if (readPaymentRequest(arg, request))
+ if (readPaymentRequestFromFile(arg, request))
{
if (request.getDetails().network() == "main")
{
@@ -452,7 +452,7 @@ void PaymentServer::handleURIOrFile(const QString& s)
{
PaymentRequestPlus request;
SendCoinsRecipient recipient;
- if (!readPaymentRequest(s, request))
+ if (!readPaymentRequestFromFile(s, request))
{
emit message(tr("Payment request file handling"),
tr("Payment request file cannot be read! This can be caused by an invalid payment request file."),
@@ -486,18 +486,25 @@ void PaymentServer::handleURIConnection()
handleURIOrFile(msg);
}
-bool PaymentServer::readPaymentRequest(const QString& filename, PaymentRequestPlus& request)
+//
+// Warning: readPaymentRequestFromFile() is used in ipcSendCommandLine()
+// so don't use "emit message()", but "QMessageBox::"!
+//
+bool PaymentServer::readPaymentRequestFromFile(const QString& filename, PaymentRequestPlus& request)
{
QFile f(filename);
- if (!f.open(QIODevice::ReadOnly))
- {
- qWarning() << "PaymentServer::readPaymentRequest : Failed to open " << filename;
+ if (!f.open(QIODevice::ReadOnly)) {
+ qWarning() << QString("PaymentServer::%1: Failed to open %2").arg(__func__).arg(filename);
return false;
}
- if (f.size() > BIP70_MAX_PAYMENTREQUEST_SIZE)
- {
- qWarning() << "PaymentServer::readPaymentRequest : " << filename << " too large";
+ // BIP70 DoS protection
+ if (f.size() > BIP70_MAX_PAYMENTREQUEST_SIZE) {
+ qWarning() << QString("PaymentServer::%1: Payment request %2 is too large (%3 bytes, allowed %4 bytes).")
+ .arg(__func__)
+ .arg(filename)
+ .arg(f.size())
+ .arg(BIP70_MAX_PAYMENTREQUEST_SIZE);
return false;
}
@@ -657,13 +664,26 @@ void PaymentServer::fetchPaymentACK(CWallet* wallet, SendCoinsRecipient recipien
void PaymentServer::netRequestFinished(QNetworkReply* reply)
{
reply->deleteLater();
- if (reply->error() != QNetworkReply::NoError)
- {
+
+ // BIP70 DoS protection
+ if (reply->size() > BIP70_MAX_PAYMENTREQUEST_SIZE) {
+ QString msg = tr("Payment request %2 is too large (%3 bytes, allowed %4 bytes).")
+ .arg(__func__)
+ .arg(reply->request().url().toString())
+ .arg(reply->size())
+ .arg(BIP70_MAX_PAYMENTREQUEST_SIZE);
+
+ qWarning() << QString("PaymentServer::%1:").arg(__func__) << msg;
+ emit message(tr("Payment request DoS protection"), msg, CClientUIInterface::MSG_ERROR);
+ return;
+ }
+
+ if (reply->error() != QNetworkReply::NoError) {
QString msg = tr("Error communicating with %1: %2")
.arg(reply->request().url().toString())
.arg(reply->errorString());
- qWarning() << "PaymentServer::netRequestFinished : " << msg;
+ qWarning() << "PaymentServer::netRequestFinished: " << msg;
emit message(tr("Payment request error"), msg, CClientUIInterface::MSG_ERROR);
return;
}