AaronFiore/electrum
1
0
Fork 0
Code Activity

paymentrequest: be explicit about only allowing "addresses"

Browse Source
This commit is contained in:
SomberNight
2018-11-14 16:04:43 +01:00
parent a266de6735
commit e059867314
3 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
electrum/paymentrequest.py
View File

@@ -132,8 +132,12 @@ class PaymentRequest:
self.details.ParseFromString(self.data.serialized_payment_details) self.details.ParseFromString(self.data.serialized_payment_details)
self.outputs = [] self.outputs = []
for o in self.details.outputs: for o in self.details.outputs:
addr = transaction.get_address_from_output_script(o.script)[1] type_, addr = transaction.get_address_from_output_script(o.script)
self.outputs.append(TxOutput(TYPE_ADDRESS, addr, o.amount)) if type_ != TYPE_ADDRESS:
# TODO maybe rm restriction but then get_requestor and get_id need changes
self.error = "only addresses are allowed as outputs"
return
self.outputs.append(TxOutput(type_, addr, o.amount))
self.memo = self.details.memo self.memo = self.details.memo
self.payment_url = self.details.payment_url self.payment_url = self.details.payment_url
@@ -195,6 +199,9 @@ class PaymentRequest:
verify = pubkey0.verify(sigBytes, x509.PREFIX_RSA_SHA256 + hashBytes) verify = pubkey0.verify(sigBytes, x509.PREFIX_RSA_SHA256 + hashBytes)
elif paymntreq.pki_type == "x509+sha1": elif paymntreq.pki_type == "x509+sha1":
verify = pubkey0.hashAndVerify(sigBytes, msgBytes) verify = pubkey0.hashAndVerify(sigBytes, msgBytes)
else:
self.error = f"ERROR: unknown pki_type {paymntreq.pki_type} in Payment Request"
return False
if not verify: if not verify:
self.error = "ERROR: Invalid Signature for Payment Request Data" self.error = "ERROR: Invalid Signature for Payment Request Data"
return False return False

5
electrum/transaction.py
View File

@@ -1030,9 +1030,10 @@ class Transaction:
if outputs: if outputs:
self._outputs.sort(key = lambda o: (o.value, self.pay_script(o.type, o.address))) self._outputs.sort(key = lambda o: (o.value, self.pay_script(o.type, o.address)))
def serialize_output(self, output: TxOutput) -> str: @classmethod
def serialize_output(cls, output: TxOutput) -> str:
s = int_to_hex(output.value, 8) s = int_to_hex(output.value, 8)
script = self.pay_script(output.type, output.address) script = cls.pay_script(output.type, output.address)
s += var_int(len(script)//2) s += var_int(len(script)//2)
s += script s += script
return s return s

11
electrum/util.py
View File

@@ -444,8 +444,7 @@ def assert_str(*args):
assert isinstance(x, str) assert isinstance(x, str)
def to_string(x, enc) -> str:
def to_string(x, enc):
if isinstance(x, (bytes, bytearray)): if isinstance(x, (bytes, bytearray)):
return x.decode(enc) return x.decode(enc)
if isinstance(x, str): if isinstance(x, str):
@@ -453,7 +452,8 @@ def to_string(x, enc):
else: else:
raise TypeError("Not a string or bytes like object") raise TypeError("Not a string or bytes like object")
def to_bytes(something, encoding='utf8'):
def to_bytes(something, encoding='utf8') -> bytes:
""" """
cast string to bytes() like object, but for python2 support it's bytearray copy cast string to bytes() like object, but for python2 support it's bytearray copy
""" """
@@ -471,16 +471,13 @@ bfh = bytes.fromhex
hfu = binascii.hexlify hfu = binascii.hexlify
def bh2u(x): def bh2u(x: bytes) -> str:
""" """
str with hex representation of a bytes-like object str with hex representation of a bytes-like object
>>> x = bytes((1, 2, 10)) >>> x = bytes((1, 2, 10))
>>> bh2u(x) >>> bh2u(x)
'01020A' '01020A'
:param x: bytes
:rtype: str
""" """
return hfu(x).decode('ascii') return hfu(x).decode('ascii')