AaronFiore/electrum
1
0
Fork 0
Code Activity

stricter tx deserialization: forbid junk at the end

Browse Source
This commit is contained in:
SomberNight
2018-06-12 10:51:51 +02:00
parent 0e8976856d
commit 71ce7cce6d
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/transaction.py
View File

@@ -103,6 +103,11 @@ class BCDataStream(object):
except IndexError: except IndexError:
raise SerializationError("attempt to read past end of buffer") raise SerializationError("attempt to read past end of buffer")
def can_read_more(self) -> bool:
if not self.input:
return False
return self.read_cursor < len(self.input)
def read_boolean(self): return self.read_bytes(1)[0] != chr(0) def read_boolean(self): return self.read_bytes(1)[0] != chr(0)
def read_int16(self): return self._read_num('<h') def read_int16(self): return self._read_num('<h')
def read_uint16(self): return self._read_num('<H') def read_uint16(self): return self._read_num('<H')
@@ -568,6 +573,8 @@ def deserialize(raw: str, force_full_parse=False) -> dict:
txin = d['inputs'][i] txin = d['inputs'][i]
parse_witness(vds, txin, full_parse=full_parse) parse_witness(vds, txin, full_parse=full_parse)
d['lockTime'] = vds.read_uint32() d['lockTime'] = vds.read_uint32()
if vds.can_read_more():
raise SerializationError('extra junk at the end')
return d return d