Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve validation of txprepare arguments #4259

Merged
merged 10 commits into from
Dec 8, 2020
Merged

Improve validation of txprepare arguments #4259

merged 10 commits into from
Dec 8, 2020

Commits on Dec 8, 2020

  1. pyln: Remove deprecated txprepare variant 

    We promised to deprecate the old "destination satoshi feerate utxos"
variant some time on mid-2020 so let's do just that. `txprepare`
doesn't parse it either anymore.

Changelog-Changed: pyln: `txprepare` no longer supports the deprecated `destination satoshi feerate utxos` call format.
    @cdecker
    cdecker committed Dec 8, 2020
    Configuration menu
    Copy the full SHA
    d78192f View commit details
    Browse the repository at this point in the history

  2. json: Add two param functions to parse string arrs and outpoint arrs 

    In a couple of places we accept arrays of strings and don't validate
them. If we forward them, e.g., call a JSON-RPC method from the
plugin, we end up embedding the unverified string in the JSON-RPC
call without escaping, which then leads to invalid JSON being passed
on.

This at least partially causes ElementsProject#4238
    @cdecker
    cdecker committed Dec 8, 2020
    Configuration menu
    Copy the full SHA
    a84d570 View commit details
    Browse the repository at this point in the history

  3. txprepare: Use param_outpoint_arr helper to validate input

    @cdecker
    cdecker committed Dec 8, 2020
    Configuration menu
    Copy the full SHA
    25d7158 View commit details
    Browse the repository at this point in the history

  4. cleanup: Remove stdio header from param.c

    @cdecker
    cdecker committed Dec 8, 2020
    Configuration menu
    Copy the full SHA
    23d1670 View commit details
    Browse the repository at this point in the history

  5. txprepare: Verify that outputs arg is an array 

    We were not checking that outputs is indeed an array, and just going
ahead creating the array of outputs. Since `tok->size` for a string is
0 we ended up ignoring the argument altogether and thus the created
transaction would end up only with a single change output.

Fixes ElementsProject#4258
    @cdecker
    cdecker committed Dec 8, 2020
    Configuration menu
    Copy the full SHA
    c6b0f15 View commit details
    Browse the repository at this point in the history

  6. pytest: Add a test to reproduce ElementsProject#4258

    @cdecker
    cdecker committed Dec 8, 2020
    Configuration menu
    Copy the full SHA
    e80f298 View commit details
    Browse the repository at this point in the history

  7. jsonrpc: Forward errors on malformed requests to cli 

    We were masquerading errors when parsing the request by reporting only
a bogus malformed `id` field in the response, when the real issue was
that we were unable to parse the request in the first place (which
caused the null-id error to be returned).

Fixes ElementsProject#4238
    @cdecker
    cdecker committed Dec 8, 2020
    Configuration menu
    Copy the full SHA
    2652fae View commit details
    Browse the repository at this point in the history

  8. cli: Add a JSON parsing sanity check before sending request 

    If some parameter is malformed on the command line we could end up
with a malformed JSON-RPC request, which would then result in very
unhelpful error messages.

Fixes ElementsProject#4238
Changelog-Changed: cli: `lightning-cli` now performs better sanity checks on the JSON-RPC requests it sends.
    @cdecker
    cdecker committed Dec 8, 2020
    Configuration menu
    Copy the full SHA
    067aff8 View commit details
    Browse the repository at this point in the history

  9. bitcoin/tx: fix type of outpoint (n is a u32), simplify json_to_outpoint 

    Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
    @rustyrussell @cdecker
    rustyrussell authored and cdecker committed Dec 8, 2020
    Configuration menu
    Copy the full SHA
    f7568ea View commit details
    Browse the repository at this point in the history

  10. common/json_tok: minor cleanup to bitcoin_outpoint array parsing. 

    No reason to use a temp var here.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
    @rustyrussell @cdecker
    rustyrussell authored and cdecker committed Dec 8, 2020
    Configuration menu
    Copy the full SHA
    859bb42 View commit details
    Browse the repository at this point in the history