TrueCloudLab/neo-go
8
0
Fork 0
mirror of https://github.com/nspcc-dev/neo-go.git synced 2024-11-26 09:42:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

rpcsrv/params: limit tx signers/witnesses

Browse source 
Inspired by https://github.com/neo-project/neo-modules/pull/845.

Signed-off-by: Roman Khimov <roman@nspcc.ru>
This commit is contained in:
Roman Khimov 2023-11-20 16:00:30 +03:00
parent 7fb077e999
commit f6cb698cd1
2 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
pkg/services/rpcsrv/params/param.go
View file

@ -399,6 +399,9 @@ func (p Param) GetSignersWithWitnesses() ([]transaction.Signer, []transaction.Wi
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
if len(hashes) > transaction.MaxAttributes {
return nil, nil, errors.New("too many signers")
}
signers := make([]transaction.Signer, len(hashes)) signers := make([]transaction.Signer, len(hashes))
witnesses := make([]transaction.Witness, len(hashes)) witnesses := make([]transaction.Witness, len(hashes))
// try to extract hashes first // try to extract hashes first

9
pkg/services/rpcsrv/params/param_test.go
View file

@ -496,6 +496,15 @@ func TestParamGetSigners(t *testing.T) {
require.True(t, u2.Equals(actual[1].Account)) require.True(t, u2.Equals(actual[1].Account))
}) })
t.Run("overflow", func(t *testing.T) {
var hashes = make([]util.Uint256, transaction.MaxAttributes+1)
msg, err := json.Marshal(hashes)
require.NoError(t, err)
p := Param{RawMessage: msg}
_, _, err = p.GetSignersWithWitnesses()
require.Error(t, err)
})
t.Run("bad format", func(t *testing.T) { t.Run("bad format", func(t *testing.T) {
p := Param{RawMessage: []byte(`"not a signer"`)} p := Param{RawMessage: []byte(`"not a signer"`)}
_, _, err := p.GetSignersWithWitnesses() _, _, err := p.GetSignersWithWitnesses()