diff options
-rw-r--r-- | src/qt/paymentserver.h | 7 | ||||
-rw-r--r-- | src/qt/test/paymentservertests.cpp | 12 |
2 files changed, 18 insertions, 1 deletions
diff --git a/src/qt/paymentserver.h b/src/qt/paymentserver.h index 9acd99723c..42940664ec 100644 --- a/src/qt/paymentserver.h +++ b/src/qt/paymentserver.h @@ -52,6 +52,9 @@ QT_END_NAMESPACE class CWallet; +// BIP70 max payment request size in bytes (DoS protection) +extern const qint64 BIP70_MAX_PAYMENTREQUEST_SIZE; + class PaymentServer : public QObject { Q_OBJECT @@ -85,6 +88,9 @@ public: // OptionsModel is used for getting proxy settings and display unit void setOptionsModel(OptionsModel *optionsModel); + // This is now public, because we use it in paymentservertests.cpp + static bool readPaymentRequestFromFile(const QString& filename, PaymentRequestPlus& request); + signals: // Fired when a valid payment request is received void receivedPaymentRequest(SendCoinsRecipient); @@ -118,7 +124,6 @@ protected: bool eventFilter(QObject *object, QEvent *event); private: - static bool readPaymentRequestFromFile(const QString& filename, PaymentRequestPlus& request); bool processPaymentRequest(PaymentRequestPlus& request, SendCoinsRecipient& recipient); void fetchRequest(const QUrl& url); diff --git a/src/qt/test/paymentservertests.cpp b/src/qt/test/paymentservertests.cpp index 84cab01c50..8f49cb9464 100644 --- a/src/qt/test/paymentservertests.cpp +++ b/src/qt/test/paymentservertests.cpp @@ -7,6 +7,7 @@ #include "optionsmodel.h" #include "paymentrequestdata.h" +#include "random.h" #include "util.h" #include "utilstrencodings.h" @@ -108,6 +109,17 @@ void PaymentServerTests::paymentServerTests() r.paymentRequest.getMerchant(caStore, merchant); QCOMPARE(merchant, QString("")); + // Just get some random data big enough to trigger BIP70 DoS protection + unsigned char randData[BIP70_MAX_PAYMENTREQUEST_SIZE + 1]; + GetRandBytes(randData, sizeof(randData)); + // Write data to a temp file: + QTemporaryFile tempFile; + tempFile.open(); + tempFile.write((const char*)randData, sizeof(randData)); + tempFile.close(); + // Trigger BIP70 DoS protection + QCOMPARE(PaymentServer::readPaymentRequestFromFile(tempFile.fileName(), r.paymentRequest), false); + delete server; } |