forked from TrueCloudLab/neoneo-go
rpcsrv/params: limit tx signers/witnesses
Inspired by https://github.com/neo-project/neo-modules/pull/845. Signed-off-by: Roman Khimov <roman@nspcc.ru>
This commit is contained in:
parent
7fb077e999
commit
f6cb698cd1
2 changed files with 12 additions and 0 deletions
|
@ -399,6 +399,9 @@ func (p Param) GetSignersWithWitnesses() ([]transaction.Signer, []transaction.Wi
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
|
if len(hashes) > transaction.MaxAttributes {
|
||||||
|
return nil, nil, errors.New("too many signers")
|
||||||
|
}
|
||||||
signers := make([]transaction.Signer, len(hashes))
|
signers := make([]transaction.Signer, len(hashes))
|
||||||
witnesses := make([]transaction.Witness, len(hashes))
|
witnesses := make([]transaction.Witness, len(hashes))
|
||||||
// try to extract hashes first
|
// try to extract hashes first
|
||||||
|
|
|
@ -496,6 +496,15 @@ func TestParamGetSigners(t *testing.T) {
|
||||||
require.True(t, u2.Equals(actual[1].Account))
|
require.True(t, u2.Equals(actual[1].Account))
|
||||||
})
|
})
|
||||||
|
|
||||||
|
t.Run("overflow", func(t *testing.T) {
|
||||||
|
var hashes = make([]util.Uint256, transaction.MaxAttributes+1)
|
||||||
|
msg, err := json.Marshal(hashes)
|
||||||
|
require.NoError(t, err)
|
||||||
|
p := Param{RawMessage: msg}
|
||||||
|
_, _, err = p.GetSignersWithWitnesses()
|
||||||
|
require.Error(t, err)
|
||||||
|
})
|
||||||
|
|
||||||
t.Run("bad format", func(t *testing.T) {
|
t.Run("bad format", func(t *testing.T) {
|
||||||
p := Param{RawMessage: []byte(`"not a signer"`)}
|
p := Param{RawMessage: []byte(`"not a signer"`)}
|
||||||
_, _, err := p.GetSignersWithWitnesses()
|
_, _, err := p.GetSignersWithWitnesses()
|
||||||
|
|
Loading…
Reference in a new issue