[0.19] psbt: check that various indexes and amounts are within bounds #18079
luke-jr wants to merge 2 commits into bitcoin:0.19 from luke-jr:psbt_fix_pr17156-0.19.1, changing 6 files (+72 −4)
luke-jr commented at 10:57 pm on February 5, 2020: member
-
Don't calculate tx fees for PSBTs with invalid money values
In decodepsbt if an invalid amount is seen, don't calculate the fee but still show the invalid value in the decode. In analyze psbt, if an invalid amount is seen, set the next step to be the creator as the creator needs to remake the transaction so that it is valid.
Github-Pull: #17156
Rebased-From: f1ef7f0aa46338f4cd8de79696027a1bf868f359
-
luke-jr requested review from achow101 on Feb 5, 2020
-
fanquake added the label Backport on Feb 5, 2020
-
fanquake added the label PSBT on Feb 5, 2020
-
fanquake commented at 6:14 am on February 6, 2020: member
Looks like this needs some changes:
wallet/test/psbt_wallet_tests.cpp: In member function ‘void psbt_wallet_tests::psbt_updater_test::test_method()’:
wallet/test/psbt_wallet_tests.cpp:77:48: error: ‘class CWallet’ has no member named ‘GetSigningProvider’
     const SigningProvider* provider = m_wallet.GetSigningProvider(ws1, sigdata);
                                                ^
make[2]: *** [wallet/test/test_test_bitcoin-psbt_wallet_tests.o] Error 1
-
fanquake added the label Waiting for author on Feb 6, 2020
-
psbt: check output index is within bounds before accessing
Github-Pull: #17156
Rebased-From: deaa6dd144f5650b385658a0c4f9a014aff8dde2
-
luke-jr force-pushed on Feb 6, 2020
-
luke-jr commented at 11:23 pm on February 6, 2020: member
Fixed (SignPSBTInput’s first argument is simply the wallet in 0.19)
-
luke-jr requested review from laanwj on Feb 6, 2020
-
luke-jr requested review from MarcoFalke on Feb 6, 2020
-
luke-jr requested review from practicalswift on Feb 6, 2020
-
luke-jr requested review from promag on Feb 6, 2020
-
luke-jr requested review from Sjors on Feb 6, 2020
-
fanquake removed the label Waiting for author on Feb 6, 2020
-
laanwj commented at 12:29 pm on February 10, 2020: member
Backport looks good to me, backported test looks good to me (and passes). ACK f5fb7fca969cd43318384bec46bb7687b1a529fd
-
laanwj approved
-
laanwj referenced this in commit ba0b7e1296 on Feb 10, 2020
-
laanwj merged this on Feb 10, 2020
-
laanwj closed this on Feb 10, 2020
-
dgpv commented at 2:24 pm on February 10, 2020: contributor
The checks correctly detect the case when the sum of amounts of inputs or outputs (rather than individual amounts) exceeds MoneyRange, but AFAICT the tests do not test for these conditions.
Here are two test PSBTs that exhibit the conditions; please use them to add to the tests if you’d like:
sum of input amounts is out of valid range:
cHNidP8BAJoCAAAAAvA00BFgAm6tp86RowwH6BMImQNL5zXUcTT97XoLGz0BAAAAAAD/////8DTQEWACbq2nzpGjDAfoEwiZA0vnNdRxNP3tegsbPQEBAAAAAP////8CAPkClQAAAAAWABQo3DTHwdFy0CCa+h6+bi7VJs3tcvztApUAAAAAFgAU9yTiAXuIvg0vjC19EAqBBuCGJNQAAAAAAAEBHwAAu8VkQwQAFgAU1EyyBQKdNymMjX5teAIUYQ+kIc0AAQEfAAC7xWRDBAAWABSSuJ3ylxfvTwYlM3tgxCBvDoOVXgAAAA==
sum of output amounts is out of valid range:
cHNidP8BAHECAAAAAfA00BFgAm6tp86RowwH6BMImQNL5zXUcTT97XoLGz0BAAAAAAD/////AgAAu8VkQwQAFgAUKNw0x8HRctAgmvoevm4u1SbN7XIAALvFZEMEABYAFPck4gF7iL4NL4wtfRAKgQbghiTUAAAAAAABAR+AsU8BAAAAABYAFJUDtxf2PHo641HEOBOAIvFMNTr2AAAA
-
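Added example (not part of the thread and not Bitcoin Core's own code): the condition dgpv describes, where every individual amount passes MoneyRange but the running sum does not, so no fee should be computed. `CheckedSum` and `CheckedFee` are hypothetical helpers and the amounts in `main` are constructed; `CAmount`, `COIN`, `MAX_MONEY` and `MoneyRange` mirror Bitcoin Core's definitions.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

typedef int64_t CAmount;                        // amount in satoshis
static const CAmount COIN = 100000000;
static const CAmount MAX_MONEY = 21000000 * COIN;

inline bool MoneyRange(const CAmount& v) { return v >= 0 && v <= MAX_MONEY; }

// Hypothetical helper: sums amounts, rejecting any single value or running
// total outside MoneyRange. Returns false and leaves `total` untouched on failure.
bool CheckedSum(const std::vector<CAmount>& amounts, CAmount& total)
{
    CAmount sum = 0;
    for (const CAmount a : amounts) {
        if (!MoneyRange(a)) return false;       // individual amount invalid
        sum += a;                               // both operands <= MAX_MONEY: no int64 overflow
        if (!MoneyRange(sum)) return false;     // the sum itself is out of range
    }
    total = sum;
    return true;
}

// Hypothetical helper: computes a fee only when both sums are valid and the
// difference is itself in range (this example also treats a negative fee as invalid).
bool CheckedFee(const std::vector<CAmount>& in, const std::vector<CAmount>& out, CAmount& fee)
{
    CAmount in_sum = 0, out_sum = 0;
    if (!CheckedSum(in, in_sum) || !CheckedSum(out, out_sum)) return false;
    if (!MoneyRange(in_sum - out_sum)) return false;
    fee = in_sum - out_sum;
    return true;
}

int main()
{
    // Constructed amounts: each 12,000,000 coins is valid alone, the pair is not.
    std::vector<CAmount> inputs = {12000000 * COIN, 12000000 * COIN};
    std::vector<CAmount> outputs = {1 * COIN};
    CAmount fee = 0;
    std::printf("each input in range: %d\n", MoneyRange(inputs[0]) && MoneyRange(inputs[1]));
    std::printf("fee computed: %d\n", CheckedFee(inputs, outputs, fee));
    return 0;
}
```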
MarkLTZ referenced this in commit d99bc96496 on Feb 13, 2020
-
Munkybooty referenced this in commit 6696b971e2 on Dec 9, 2021
-
Munkybooty referenced this in commit 5c1e04fb24 on Dec 9, 2021
-
Munkybooty referenced this in commit 86284f11f4 on Dec 9, 2021
-
Munkybooty referenced this in commit b66b23919d on Dec 9, 2021
-
Munkybooty referenced this in commit 2688da5330 on Dec 9, 2021
-
Munkybooty referenced this in commit 1ad87663be on Dec 9, 2021
-
Munkybooty referenced this in commit 2c5ea77983 on Dec 23, 2021
-
DrahtBot locked this on Feb 15, 2022
This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.