Better handle invalid parameters to signrawtransaction #9650
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Add test cases here for both this PR and #9634. The test fail if either is reverted. |
maflcko
reviewed
Feb 2, 2017
qa/rpc-tests/signrawtransactions.py
Outdated
| assert_equal(decodedRawTx["vin"][i]["vout"], inp["vout"]) | ||
|
|
||
| # Make sure decoderawtransaction throws if there is extra data | ||
| try: |
There was a problem hiding this comment.
Nit: The following is usually referred to as `assert_raises(JSONRPCException, self.nodes...
jtimon
reviewed
Feb 2, 2017
qa/rpc-tests/signrawtransactions.py
Outdated
| assert 'complete' in rawTxUnsigned | ||
| assert_equal(rawTxUnsigned['complete'], False) | ||
|
|
||
| # Check that signrawtransaction properly merges unsigned and signed txn, even with garbate in the middle |
There was a problem hiding this comment.
s/garbate/garbage/ ? (if so, same above)
This silently skips trying to merge signatures from inputs which do not exist from transactions provided to signrawtransaction, instead of hitting an assert.
TheBlueMatt
force-pushed
the
2017-01-better-signraw
branch
from
9e6b4c1 to
ab7b4c7
Compare
|
Fixed review nits. |
TheBlueMatt
force-pushed
the
2017-01-better-signraw
branch
from
ab7b4c7 to
6dbfe08
Compare
|
Fixed another "garbage" misspelling.... |
laanwj
added a commit
that referenced
this pull request
Feb 6, 2017
6dbfe08 [qa] test signrawtransaction merge with missing inputs (Matt Corallo) ec4f7e4 [qa] Add second input to signrawtransaction test case (Matt Corallo) 691710a [qa] Test that decoderawtransaction throws with extra data appended (Matt Corallo) 922bea9 Better handle invalid parameters to signrawtransaction (Matt Corallo) 7ea0ad5 Fail in DecodeHexTx if there is extra data at the end (Matt Corallo)
|
Apologies - post merge question/comment. The new code in DecodeHexTx adds this check for witness transactions not having junk bytes: 12 lines above is a check for non-witness transactions not having junk bytes: I'm pretty sure that Any reason why you've used a different function call? It's a bit confusing for someone reading the code for the first time. |
codablock
pushed a commit
to codablock/dash
that referenced
this pull request
Feb 7, 2018
…ction 6dbfe08 [qa] test signrawtransaction merge with missing inputs (Matt Corallo) ec4f7e4 [qa] Add second input to signrawtransaction test case (Matt Corallo) 691710a [qa] Test that decoderawtransaction throws with extra data appended (Matt Corallo) 922bea9 Better handle invalid parameters to signrawtransaction (Matt Corallo) 7ea0ad5 Fail in DecodeHexTx if there is extra data at the end (Matt Corallo)
andvgal
pushed a commit
to energicryptocurrency/gen2-energi
that referenced
this pull request
Jan 6, 2019
…ction 6dbfe08 [qa] test signrawtransaction merge with missing inputs (Matt Corallo) ec4f7e4 [qa] Add second input to signrawtransaction test case (Matt Corallo) 691710a [qa] Test that decoderawtransaction throws with extra data appended (Matt Corallo) 922bea9 Better handle invalid parameters to signrawtransaction (Matt Corallo) 7ea0ad5 Fail in DecodeHexTx if there is extra data at the end (Matt Corallo)
CryptoCentric
pushed a commit
to absolute-community/absolute
that referenced
this pull request
Feb 28, 2019
…ction 6dbfe08 [qa] test signrawtransaction merge with missing inputs (Matt Corallo) ec4f7e4 [qa] Add second input to signrawtransaction test case (Matt Corallo) 691710a [qa] Test that decoderawtransaction throws with extra data appended (Matt Corallo) 922bea9 Better handle invalid parameters to signrawtransaction (Matt Corallo) 7ea0ad5 Fail in DecodeHexTx if there is extra data at the end (Matt Corallo)
CryptoCentric
pushed a commit
to absolute-community/absolute
that referenced
this pull request
Mar 2, 2019
…ction 6dbfe08 [qa] test signrawtransaction merge with missing inputs (Matt Corallo) ec4f7e4 [qa] Add second input to signrawtransaction test case (Matt Corallo) 691710a [qa] Test that decoderawtransaction throws with extra data appended (Matt Corallo) 922bea9 Better handle invalid parameters to signrawtransaction (Matt Corallo) 7ea0ad5 Fail in DecodeHexTx if there is extra data at the end (Matt Corallo)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Based on #9634.
I remembered why I wrote that to begin with - I was trying to merge signatures from untrusted parties and realized they could cause a DoS by crashing my bitcoind.
This silently skips trying to merge signatures from inputs which
do not exist from transactions provided to signrawtransaction,
instead of hitting an assert.