Browse Source

stricter tx deserialization: forbid junk at the end

3.2.x
SomberNight 7 years ago
parent
commit
71ce7cce6d
No known key found for this signature in database GPG Key ID: B33B5F232C6271E9
  1. 7
      lib/transaction.py

7
lib/transaction.py

@ -103,6 +103,11 @@ class BCDataStream(object):
except IndexError: except IndexError:
raise SerializationError("attempt to read past end of buffer") raise SerializationError("attempt to read past end of buffer")
def can_read_more(self) -> bool:
if not self.input:
return False
return self.read_cursor < len(self.input)
def read_boolean(self): return self.read_bytes(1)[0] != chr(0) def read_boolean(self): return self.read_bytes(1)[0] != chr(0)
def read_int16(self): return self._read_num('<h') def read_int16(self): return self._read_num('<h')
def read_uint16(self): return self._read_num('<H') def read_uint16(self): return self._read_num('<H')
@ -568,6 +573,8 @@ def deserialize(raw: str, force_full_parse=False) -> dict:
txin = d['inputs'][i] txin = d['inputs'][i]
parse_witness(vds, txin, full_parse=full_parse) parse_witness(vds, txin, full_parse=full_parse)
d['lockTime'] = vds.read_uint32() d['lockTime'] = vds.read_uint32()
if vds.can_read_more():
raise SerializationError('extra junk at the end')
return d return d

Loading…
Cancel
Save