Consistently validate txid / blockhash length and encoding in rpc calls #13424

pull Empact wants to merge 1 commits into bitcoin:master from Empact:parse-hash-v changing 14 files +58 −59
  1. Empact commented at 6:49 pm on June 8, 2018: member

    ParseHashV validates the length and encoding of the string and throws an informative RPC error on failure, which is as good or better than these alternative calls.

    Note I switched ParseHashV to check string length first, because IsHex tests that the length is even, and an error like: “must be of length 64 (not 63, for X)” is much more informative than “must be hexadecimal string (not X)” in that case.

    Split from #13420

  2. in src/rpc/mining.cpp:250 in a20130c023 outdated 
    246@@ -247,7 +247,7 @@ static UniValue prioritisetransaction(const JSONRPCRequest& request)
247 
248     LOCK(cs_main);
249 
250-    uint256 hash = ParseHashStr(request.params[0].get_str(), "txid");
251+    uint256 hash = ParseHashV(request.params[0], "txid");
    Empact commented at 6:50 pm on June 8, 2018:
    Note this trades ParseHashStr’s std::runtime_error-based encoding-only test for ParseHashV’s JSONRPCError-based length and encoding tests.
  3. Empact force-pushed on Jun 8, 2018
  4. Empact force-pushed on Jun 8, 2018
  5. fanquake added the label Refactoring on Jun 9, 2018
  6. promag commented at 9:25 pm on June 10, 2018: member

    How about getchaintxstats?https://github.com/bitcoin/bitcoin/blob/56f69360dc98bd68704f19646a84d045788d199e/src/rpc/blockchain.cpp#L1575

    And there may be other examples.

    Concept ACK.

  7. Empact force-pushed on Jun 10, 2018
  8. Empact force-pushed on Jun 10, 2018
  9. Empact force-pushed on Jun 11, 2018
  10. Empact force-pushed on Jun 11, 2018
  11. Empact commented at 2:58 am on June 11, 2018: member
    Thanks @promag, I audited uint256S use and found 4 more cases. Also added more testing wherever the test outcomes changed.
  12. Empact force-pushed on Jun 11, 2018
  13. Empact renamed this:
    Consistently use ParseHashV to validate hash inputs in rpc
    Validate txid / blockhash length and encoding separately from validity/presence in rpc calls
    on Jun 11, 2018
  14. Empact renamed this:
    Validate txid / blockhash length and encoding separately from validity/presence in rpc calls
    Validate txid / blockhash length and encoding separately from validity / presence in rpc calls
    on Jun 11, 2018
  15. Empact renamed this:
    Validate txid / blockhash length and encoding separately from validity / presence in rpc calls
    Validate txid / blockhash length and encoding separate from validity / presence in rpc calls
    on Jun 11, 2018
  16. Empact force-pushed on Jun 11, 2018
  17. Empact commented at 3:30 am on June 11, 2018: member
    Made the get_str call guaranteed, which means non-string values fail with -1, "JSON value is not a string as expected", rather than a length failure.
  18. Empact renamed this:
    Validate txid / blockhash length and encoding separate from validity / presence in rpc calls
    Consistently validate txid / blockhash length and encoding in rpc calls
    on Jun 11, 2018
  19. DrahtBot commented at 8:27 pm on June 14, 2018: member
    • #14307 (Consolidate redundant implementations of ParseHashStr by Empact)
    • #12153 (Avoid permanent cs_main lock in getblockheader by promag)
    • #10973 (Refactor: separate wallet from node by ryanofsky)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  20. DrahtBot commented at 10:35 pm on August 2, 2018: member
  21. DrahtBot closed this on Aug 2, 2018
  22. DrahtBot reopened this on Aug 2, 2018
  23. kallewoof commented at 4:30 am on August 7, 2018: member

    utACK

    Small nit: you’re mixing uint256 hash = ParseHashV(...) and uint256 hash(ParseHashV(...)). Would be cool to do only one (latter one looks better IMO but either works).

  24. Consistently use ParseHashV to validate hash inputs in rpc 
    ParseHashV validates the length and encoding of the string and throws
an informative RPC error on failure, which is as good or better than
these alternative calls.

Note I switched ParseHashV to check string length first, because
IsHex tests that the length is even, and an error like:
"must be of length 64 (not 63, for X)" is much more informative than
"must be hexadecimal string (not X)"
    5eb20f81d9
  25. Empact force-pushed on Aug 7, 2018
  26. Empact commented at 4:51 pm on August 7, 2018: member
    @kallewoof fair enough since I’m touching those lines anyway. Updated.
  27. kallewoof commented at 5:47 am on August 8, 2018: member
    re-utACK 5eb20f81d9568284dca735e4f770f41a48aa5660
  28. MarcoFalke commented at 12:59 pm on August 8, 2018: member
    utACK 5eb20f81d9568284dca735e4f770f41a48aa5660
  29. MarcoFalke merged this on Sep 24, 2018
  30. MarcoFalke closed this on Sep 24, 2018
  31. MarcoFalke referenced this in commit 37612099ec on Sep 24, 2018
  32. deadalnix referenced this in commit 07cc225cf5 on Feb 18, 2020
  33. ftrader referenced this in commit 39392f72df on Apr 16, 2020
  34. pravblockc referenced this in commit 6faf808461 on Jul 23, 2021
  35. MarcoFalke locked this on Sep 8, 2021


Empact promag DrahtBot kallewoof MarcoFalke

Labels
Refactoring

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-07-03 13:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me