aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/qt/paymentserver.h7
-rw-r--r--src/qt/test/paymentservertests.cpp12
2 files changed, 18 insertions, 1 deletions
diff --git a/src/qt/paymentserver.h b/src/qt/paymentserver.h
index 9acd99723c..42940664ec 100644
--- a/src/qt/paymentserver.h
+++ b/src/qt/paymentserver.h
@@ -52,6 +52,9 @@ QT_END_NAMESPACE
class CWallet;
+// BIP70 max payment request size in bytes (DoS protection)
+extern const qint64 BIP70_MAX_PAYMENTREQUEST_SIZE;
+
class PaymentServer : public QObject
{
Q_OBJECT
@@ -85,6 +88,9 @@ public:
// OptionsModel is used for getting proxy settings and display unit
void setOptionsModel(OptionsModel *optionsModel);
+ // This is now public, because we use it in paymentservertests.cpp
+ static bool readPaymentRequestFromFile(const QString& filename, PaymentRequestPlus& request);
+
signals:
// Fired when a valid payment request is received
void receivedPaymentRequest(SendCoinsRecipient);
@@ -118,7 +124,6 @@ protected:
bool eventFilter(QObject *object, QEvent *event);
private:
- static bool readPaymentRequestFromFile(const QString& filename, PaymentRequestPlus& request);
bool processPaymentRequest(PaymentRequestPlus& request, SendCoinsRecipient& recipient);
void fetchRequest(const QUrl& url);
diff --git a/src/qt/test/paymentservertests.cpp b/src/qt/test/paymentservertests.cpp
index 84cab01c50..8f49cb9464 100644
--- a/src/qt/test/paymentservertests.cpp
+++ b/src/qt/test/paymentservertests.cpp
@@ -7,6 +7,7 @@
#include "optionsmodel.h"
#include "paymentrequestdata.h"
+#include "random.h"
#include "util.h"
#include "utilstrencodings.h"
@@ -108,6 +109,17 @@ void PaymentServerTests::paymentServerTests()
r.paymentRequest.getMerchant(caStore, merchant);
QCOMPARE(merchant, QString(""));
+ // Just get some random data big enough to trigger BIP70 DoS protection
+ unsigned char randData[BIP70_MAX_PAYMENTREQUEST_SIZE + 1];
+ GetRandBytes(randData, sizeof(randData));
+ // Write data to a temp file:
+ QTemporaryFile tempFile;
+ tempFile.open();
+ tempFile.write((const char*)randData, sizeof(randData));
+ tempFile.close();
+ // Trigger BIP70 DoS protection
+ QCOMPARE(PaymentServer::readPaymentRequestFromFile(tempFile.fileName(), r.paymentRequest), false);
+
delete server;
}