From 4b9443809dc79665c1f77b18a7b0af3adaced4c0 Mon Sep 17 00:00:00 2001 From: blondfrogs Date: Mon, 23 Dec 2019 11:07:39 -0700 Subject: [PATCH 1/2] Fix script size check by gu3 --- src/script/script.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/script/script.cpp b/src/script/script.cpp index aba737eb5a..2e154834ff 100644 --- a/src/script/script.cpp +++ b/src/script/script.cpp @@ -244,7 +244,7 @@ bool CScript::IsAssetScript(int& nType, bool& isOwner) const bool CScript::IsAssetScript(int& nType, bool& fIsOwner, int& nStartingIndex) const { - if (this->size() > 30) { + if (this->size() > 31) { if ((*this)[25] == OP_RVN_ASSET) { // OP_RVN_ASSET is always in the 25 index of the script if it exists int index = -1; if ((*this)[27] == RVN_R) { // Check to see if RVN starts at 27 ( this->size() < 105) From 77fdb75011095d9526a671029abe5e36aabeee1d Mon Sep 17 00:00:00 2001 From: blondfrogs Date: Thu, 2 Jan 2020 10:31:29 -0700 Subject: [PATCH 2/2] Update restricted assets checks --- src/assets/assets.cpp | 17 +++++++++++++---- src/consensus/tx_verify.cpp | 3 +++ 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/assets/assets.cpp b/src/assets/assets.cpp index a0d6741225..a241c57312 100644 --- a/src/assets/assets.cpp +++ b/src/assets/assets.cpp @@ -205,6 +205,11 @@ bool IsAssetNameASubQualifier(const std::string& name) bool IsAssetNameValid(const std::string& name, AssetType& assetType, std::string& error) { + // Do a max length check first to stop the possibility of a stack exhaustion. + // We check for a value that is larger than the max asset name + if (name.length() > 40) + return false; + assetType = AssetType::INVALID; if (std::regex_match(name, UNIQUE_INDICATOR)) { @@ -900,6 +905,14 @@ bool AssetNullVerifierDataFromScript(const CScript& scriptPubKey, CNullAssetTxVe //! Call VerifyNewAsset if this function returns true bool CTransaction::IsNewAsset() const { + // New Asset transaction will always have at least three outputs. + // 1. Owner Token output + // 2. Issue Asset output + // 3. RVN Burn Fee + if (vout.size() < 3) { + return false; + } + // Check for the assets data CTxOut. This will always be the last output in the transaction if (!CheckIssueDataTx(vout[vout.size() - 1])) return false; @@ -5292,10 +5305,6 @@ bool CheckNewAsset(const CNewAsset& asset, std::string& strError) } } - if (assetType == AssetType::RESTRICTED) { - // TODO add more restricted asset checks - } - if (IsAssetNameAnOwner(std::string(asset.strName))) { strError = _("Invalid parameters: asset_name can't have a '!' at the end of it. See help for more details."); return false; diff --git a/src/consensus/tx_verify.cpp b/src/consensus/tx_verify.cpp index b6ba19ebf3..410086e9c6 100644 --- a/src/consensus/tx_verify.cpp +++ b/src/consensus/tx_verify.cpp @@ -329,6 +329,9 @@ bool CheckTransaction(const CTransaction& tx, CValidationState &state, bool fChe } for (auto name: setNullGlobalAssetChanges) { + if (name.size() == 0) + return state.DoS(100, false, REJECT_INVALID,"bad-txns-tx-contains-global-asset-null-tx-with-null-asset-name"); + std::string rootName = name.substr(1, name.size()); // $TOKEN into TOKEN if (!setAssetTransferNames.count(rootName + OWNER_TAG)) { return state.DoS(100, false, REJECT_INVALID, "bad-txns-tx-contains-global-asset-null-tx-without-asset-transfer");