diff options
author | Philip Kaufmann <phil.kaufmann@t-online.de> | 2015-01-09 14:25:43 +0100 |
---|---|---|
committer | Philip Kaufmann <phil.kaufmann@t-online.de> | 2015-02-04 13:47:32 +0100 |
commit | a6516686dcf0b93dd0bcae304e74f9ac69cb305c (patch) | |
tree | 44d9394cf2c1ac085f2815c8b55f1539f9c2d3c7 /src/qt/test/paymentservertests.cpp | |
parent | 31dedb463b0ce77364e516239bf1b9c7eed5b3b0 (diff) | |
download | bitcoin-a6516686dcf0b93dd0bcae304e74f9ac69cb305c.tar.xz |
[Qt] prevent amount overflow problem with payment requests
Bitcoin amounts are stored as uint64 in the protobuf messages (see
paymentrequest.proto), but CAmount is defined as int64_t. Because
of that we need to verify that single and accumulated amounts are
in a valid range and no variable overflow has happened.
- fixes #5624 (#5622)
Thanks @SergioDemianLerner for reporting that issue and also supplying us
with a possible solution.
- add static verifyAmount() function to PaymentServer and move the logging
on error into the function
- also add a unit test to paymentservertests.cpp
Diffstat (limited to 'src/qt/test/paymentservertests.cpp')
-rw-r--r-- | src/qt/test/paymentservertests.cpp | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/qt/test/paymentservertests.cpp b/src/qt/test/paymentservertests.cpp index 04935192c8..e2ec439b2e 100644 --- a/src/qt/test/paymentservertests.cpp +++ b/src/qt/test/paymentservertests.cpp @@ -7,7 +7,10 @@ #include "optionsmodel.h" #include "paymentrequestdata.h" +#include "amount.h" #include "random.h" +#include "script/script.h" +#include "script/standard.h" #include "util.h" #include "utilstrencodings.h" @@ -184,6 +187,20 @@ void PaymentServerTests::paymentServerTests() tempFile.close(); QCOMPARE(PaymentServer::readPaymentRequestFromFile(tempFile.fileName(), r.paymentRequest), false); + // Payment request with amount overflow (amount is set to 21000001 BTC): + data = DecodeBase64(paymentrequest5_cert2_BASE64); + byteArray = QByteArray((const char*)&data[0], data.size()); + r.paymentRequest.parse(byteArray); + // Ensure the request is initialized + QVERIFY(r.paymentRequest.IsInitialized()); + // Extract address and amount from the request + QList<std::pair<CScript, CAmount> > sendingTos = r.paymentRequest.getPayTo(); + foreach (const PAIRTYPE(CScript, CAmount)& sendingTo, sendingTos) { + CTxDestination dest; + if (ExtractDestination(sendingTo.first, dest)) + QCOMPARE(PaymentServer::verifyAmount(sendingTo.second), false); + } + delete server; } |