Mirrors
/
wownero
mirror of https://git.wownero.com/wownero/wownero.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

blockchain_db: harden code against invalid input types 

If an invalid input type were to get to this, the code could
remove key images that might be present already in the chain,
which could allow a double spend, even if this is impossible
with the current code.

Reported by KeyboardWarrior.
This commit is contained in:
moneromooo-monero 2021-03-24 21:42:09 +00:00
parent dcba757dd2
commit f6e2636493
No known key found for this signature in database
GPG Key ID: 686F07454D6CEFC3
1 changed files with 2 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/blockchain_db/blockchain_db.cpp
View File

@ -216,15 +216,8 @@ void BlockchainDB::add_transaction(const crypto::hash& blk_hash, const std::pair
} }
else else
{ {
LOG_PRINT_L1("Unsupported input type, removing key images and aborting transaction addition"); LOG_PRINT_L1("Unsupported input type, aborting transaction addition");
for (const txin_v& tx_input : tx.vin) throw std::runtime_error("Unexpected input type, aborting");
{
if (tx_input.type() == typeid(txin_to_key))
{
remove_spent_key(boost::get<txin_to_key>(tx_input).k_image);
}
}
return;
} }
} }