From 37fa413329b871747157466b861a2e83f10fc29b Mon Sep 17 00:00:00 2001 From: hashmap Date: Wed, 15 Aug 2018 20:55:25 +0200 Subject: [PATCH] Fix small issues found by fuzzing (#1360) Overage and fee come from the network and may cause overflow if a message was corrupted or crafted to attack a server. --- core/src/core/committed.rs | 4 +++- core/src/core/transaction.rs | 10 ++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/core/src/core/committed.rs b/core/src/core/committed.rs index 390d9230e..22e2c3b8e 100644 --- a/core/src/core/committed.rs +++ b/core/src/core/committed.rs @@ -30,6 +30,7 @@ pub enum Error { Secp(secp::Error), /// Kernel sums do not equal output sums. KernelSumMismatch, + InvalidValue, } impl From for Error { @@ -89,7 +90,8 @@ pub trait Committed { let over_commit = { let secp = static_secp_instance(); let secp = secp.lock().unwrap(); - secp.commit_value(overage.abs() as u64).unwrap() + let overage_abs = overage.checked_abs().ok_or_else(|| Error::InvalidValue)? as u64; + secp.commit_value(overage_abs).unwrap() }; if overage < 0 { input_commits.push(over_commit); diff --git a/core/src/core/transaction.rs b/core/src/core/transaction.rs index 3673fe7d2..eec26e55e 100644 --- a/core/src/core/transaction.rs +++ b/core/src/core/transaction.rs @@ -397,7 +397,9 @@ impl Transaction { /// Total fee for a transaction is the sum of fees of all kernels. pub fn fee(&self) -> u64 { - self.kernels.iter().fold(0, |acc, ref x| acc + x.fee) + self.kernels + .iter() + .fold(0, |acc, ref x| acc.saturating_add(x.fee)) } fn overage(&self) -> i64 { @@ -994,9 +996,9 @@ mod test { commit: commit, }; - let block_hash = Hash::from_hex( - "3a42e66e46dd7633b57d1f921780a1ac715e6b93c19ee52ab714178eb3a9f673", - ).unwrap(); + let block_hash = + Hash::from_hex("3a42e66e46dd7633b57d1f921780a1ac715e6b93c19ee52ab714178eb3a9f673") + .unwrap(); let nonce = 0;