Fix small issues found by fuzzing (#1360)

Overage and fee come from the network and may cause overflow if a message was corrupted or crafted to attack a server.
2025-02-01 17:01:09 +03:00 · 2018-08-15 20:55:25 +02:00 · 2018-08-15 20:55:25 +02:00 · 37fa413329
commit 37fa413329
parent e70ff53c3c
2 changed files with 9 additions and 5 deletions
--- a/core/src/core/committed.rs
+++ b/core/src/core/committed.rs
@ -30,6 +30,7 @@ pub enum Error {
 	Secp(secp::Error),
 	/// Kernel sums do not equal output sums.
 	KernelSumMismatch,
+	InvalidValue,
 }

 impl From<secp::Error> for Error {
@ -89,7 +90,8 @@ pub trait Committed {
 			let over_commit = {
 				let secp = static_secp_instance();
 				let secp = secp.lock().unwrap();
-				secp.commit_value(overage.abs() as u64).unwrap()
+				let overage_abs = overage.checked_abs().ok_or_else(|| Error::InvalidValue)? as u64;
+				secp.commit_value(overage_abs).unwrap()
 			};
 			if overage < 0 {
 				input_commits.push(over_commit);
--- a/core/src/core/transaction.rs
+++ b/core/src/core/transaction.rs
@ -397,7 +397,9 @@ impl Transaction {

 	/// Total fee for a transaction is the sum of fees of all kernels.
 	pub fn fee(&self) -> u64 {
-		self.kernels.iter().fold(0, |acc, ref x| acc + x.fee)
+		self.kernels
+			.iter()
+			.fold(0, |acc, ref x| acc.saturating_add(x.fee))
 	}

 	fn overage(&self) -> i64 {
@ -994,9 +996,9 @@ mod test {
 			commit: commit,
 		};

-		let block_hash = Hash::from_hex(
-			"3a42e66e46dd7633b57d1f921780a1ac715e6b93c19ee52ab714178eb3a9f673",
-		).unwrap();
+		let block_hash =
+			Hash::from_hex("3a42e66e46dd7633b57d1f921780a1ac715e6b93c19ee52ab714178eb3a9f673")
+				.unwrap();

 		let nonce = 0;