Sanitize fee rates (user input) #21893

issue MarcoFalke openend this issue on May 9, 2021
  1. MarcoFalke commented at 9:00 am on May 9, 2021: member

    It would be nice to sanitize fee rates from user input.

    For example the block min fee rate is simply parsed as int64_t value. As fee rates are multiplied by the package size, this can easily lead to overflow.

    0    if (gArgs.IsArgSet("-blockmintxfee") && ParseMoney(gArgs.GetArg("-blockmintxfee", ""), n)) {

    Assuming a maximum transaction size of at most 4MvB, this would give an upper bound for the fee rate of ~46116 BTC/kvB. Though, any fee rate larger than 1 BTC/kvB is probably nonsense and should be rejected early on startup.

  2. MarcoFalke added the label Feature on May 9, 2021
  3. ghost commented at 10:43 am on May 9, 2021: none
    Concept ACK. Always good to sanitize user input.
  4. jonatack commented at 11:13 am on May 9, 2021: contributor
    Yes. Sanitizing port numbers from user input is on my list as a follow-up to #21328, so if no one picks this up I might. Of course, someone else can pick up either of those too.
  5. aureleoules commented at 9:23 am on September 16, 2022: member
    I believe this is fixed with #22220.
  6. MarcoFalke closed this on Sep 16, 2022
  7. MarcoFalke commented at 10:03 am on September 16, 2022: member
    No, the integer overflow should still exists, see also #22044 (comment)
  8. fanquake referenced this in commit 5fc3939850 on Oct 12, 2022
  9. bitcoin locked this on Sep 16, 2023


MarcoFalke ghost jonatack aureleoules

Labels
Feature

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-23 09:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me