From a6516686dcf0b93dd0bcae304e74f9ac69cb305c Mon Sep 17 00:00:00 2001 From: Philip Kaufmann Date: Fri, 9 Jan 2015 14:25:43 +0100 Subject: [Qt] prevent amount overflow problem with payment requests Bitcoin amounts are stored as uint64 in the protobuf messages (see paymentrequest.proto), but CAmount is defined as int64_t. Because of that we need to verify that single and accumulated amounts are in a valid range and no variable overflow has happened. - fixes #5624 (#5622) Thanks @SergioDemianLerner for reporting that issue and also supplying us with a possible solution. - add static verifyAmount() function to PaymentServer and move the logging on error into the function - also add a unit test to paymentservertests.cpp --- src/qt/paymentserver.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/qt/paymentserver.h') diff --git a/src/qt/paymentserver.h b/src/qt/paymentserver.h index db5f44ff1d..6bf5ac2eea 100644 --- a/src/qt/paymentserver.h +++ b/src/qt/paymentserver.h @@ -95,6 +95,8 @@ public: static bool verifyNetwork(const payments::PaymentDetails& requestDetails); // Verify if the payment request is expired static bool verifyExpired(const payments::PaymentDetails& requestDetails); + // Verify the payment request amount is valid + static bool verifyAmount(const CAmount& requestAmount); signals: // Fired when a valid payment request is received -- cgit v1.2.3