Better handle invalid parameters to signrawtransaction #9650

pull TheBlueMatt wants to merge 5 commits into bitcoin:master from TheBlueMatt:2017-01-better-signraw changing 3 files +36 −4

TheBlueMatt commented at 4:39 pm on January 28, 2017: member

Based on #9634.

I remembered why I wrote that to begin with - I was trying to merge signatures from untrusted parties and realized they could cause a DoS by crashing my bitcoind.

This silently skips trying to merge signatures from inputs which do not exist from transactions provided to signrawtransaction, instead of hitting an assert.
fanquake added the label RPC/REST/ZMQ on Jan 28, 2017
laanwj added this to the milestone 0.14.0 on Feb 2, 2017
TheBlueMatt commented at 9:26 pm on February 2, 2017: member

Add test cases here for both this PR and #9634. The test fail if either is reverted.

in qa/rpc-tests/signrawtransactions.py: in c80d846e67 outdated

84+        for i, inp in enumerate(inputs):
85+            assert_equal(decodedRawTx["vin"][i]["txid"], inp["txid"])
86+            assert_equal(decodedRawTx["vin"][i]["vout"], inp["vout"])
87+
88+        # Make sure decoderawtransaction throws if there is extra data
89+        try:

MarcoFalke commented at 9:36 pm on February 2, 2017:

Nit: The following is usually referred to as `assert_raises(JSONRPCException, self.nodes…

Fail in DecodeHexTx if there is extra data at the end 7ea0ad539f

Better handle invalid parameters to signrawtransaction

This silently skips trying to merge signatures from inputs which
do not exist from transactions provided to signrawtransaction,
instead of hitting an assert.

922bea90c2

[qa] Test that decoderawtransaction throws with extra data appended 691710a648
[qa] Add second input to signrawtransaction test case ec4f7e433e

in qa/rpc-tests/signrawtransactions.py: in 9e6b4c1ee9 outdated

53+        rawTxUnsigned = self.nodes[0].signrawtransaction(rawTx + dummyTxInconsistent, inputs)
54+
55+        assert 'complete' in rawTxUnsigned
56+        assert_equal(rawTxUnsigned['complete'], False)
57+
58+        # Check that signrawtransaction properly merges unsigned and signed txn, even with garbate in the middle

jtimon commented at 9:55 pm on February 2, 2017:

s/garbate/garbage/ ? (if so, same above)

TheBlueMatt force-pushed on Feb 2, 2017
TheBlueMatt commented at 10:32 pm on February 2, 2017: member

Fixed review nits.
[qa] test signrawtransaction merge with missing inputs 6dbfe08c29
TheBlueMatt force-pushed on Feb 2, 2017
TheBlueMatt commented at 10:41 pm on February 2, 2017: member

Fixed another “garbage” misspelling….
laanwj commented at 1:49 pm on February 6, 2017: member

utACK 6dbfe08 (seems a simple extension of #9634, which I had reviewed before)
laanwj merged this on Feb 6, 2017
laanwj closed this on Feb 6, 2017
laanwj referenced this in commit 40f7e27d25 on Feb 6, 2017
jnewbery commented at 4:21 pm on February 17, 2017: member
Apologies - post merge question/comment. The new code in DecodeHexTx adds this check for witness transactions not having junk bytes:
0 if (!ssData.empty()) 1 return false;
12 lines above is a check for non-witness transactions not having junk bytes:
0 if (ssData.eof()) { 1 return true;
I’m pretty sure that ssData.eof() and ssData.empty() will both be false if there are junk bytes remaining in the CDataStream.

Any reason why you’ve used a different function call? It’s a bit confusing for someone reading the code for the first time.
codablock referenced this in commit 2f6e48fcce on Feb 7, 2018
codablock referenced this in commit 54f01a88f0 on Feb 7, 2018
codablock referenced this in commit 611b31ecea on Feb 7, 2018
andvgal referenced this in commit f51e22f6dc on Jan 6, 2019
CryptoCentric referenced this in commit a1f5233ee8 on Feb 28, 2019
CryptoCentric referenced this in commit 0fa93c3e93 on Mar 2, 2019
DrahtBot locked this on Sep 8, 2021

Contributors
TheBlueMatt MarcoFalke jtimon laanwj jnewbery

Labels
RPC/REST/ZMQ

Milestone
0.14.0