RanchiMall/fcoin
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix potential dos vectors. tests.

Browse Source
This commit is contained in:
Christopher Jeffrey 2016-05-31 21:26:58 -07:00
parent c7b47f59fd
commit 293f9c5dc5
No known key found for this signature in database
GPG Key ID: 8962AB9DE6666BBD
7 changed files with 93 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/bcoin/keyring.js
View File

@ -612,11 +612,12 @@ KeyRing.fromRaw = function fromRaw(data) {
var change = p.readU32();
var index = p.readU32();
var key = p.readVarBytes();
var keys = new Array(p.readU8());
var count = p.readU8();
var keys = [];
var i;
for (i = 0; i < keys.length; i++)
keys[i] = p.readVarBytes();
for (i = 0; i < count; i++)
keys.push(p.readVarBytes());
return new KeyRing({
nework: network,

20
lib/bcoin/merkleblock.js
View File

@ -170,8 +170,8 @@ MerkleBlock.prototype.extractTree = function extractTree() {
var indexes = [];
var map = {};
var failed = false;
var hashes = new Array(this.hashes.length);
var bits = new Array(this.flags.length * 8);
var hashes = [];
var flags = this.flags;
var totalTX = this.totalTX;
var height = 0;
var root, p;
@ -183,12 +183,13 @@ MerkleBlock.prototype.extractTree = function extractTree() {
function traverse(height, pos) {
var parent, hash, left, right, txid;
if (bitsUsed >= bits.length) {
if (bitsUsed >= flags.length * 8) {
failed = true;
return constants.ZERO_HASH;
}
parent = bits[bitsUsed++];
parent = (flags[bitsUsed / 8 | 0] >>> (bitsUsed % 8)) & 1;
bitsUsed++;
if (height === 0 || !parent) {
if (hashUsed >= hashes.length) {
@ -217,11 +218,8 @@ MerkleBlock.prototype.extractTree = function extractTree() {
return utils.dsha256(Buffer.concat([left, right]));
}
for (p = 0; p < hashes.length; p++)
hashes[p] = new Buffer(this.hashes[p], 'hex');
for (p = 0; p < bits.length; p++)
bits[p] = +((this.flags[p / 8 | 0] & (1 << (p % 8))) !== 0);
for (p = 0; p < this.hashes.length; p++)
hashes.push(new Buffer(this.hashes[p], 'hex'));
if (totalTX === 0)
return;
@ -232,7 +230,7 @@ MerkleBlock.prototype.extractTree = function extractTree() {
if (hashes.length > totalTX)
return;
if (bits.length < hashes.length)
if (flags.length * 8 < hashes.length)
return;
height = 0;
@ -244,7 +242,7 @@ MerkleBlock.prototype.extractTree = function extractTree() {
if (failed)
return;
if (((bitsUsed + 7) / 8 | 0) !== ((bits.length + 7) / 8 | 0))
if (((bitsUsed + 7) / 8 | 0) !== flags.length)
return;
if (hashUsed !== hashes.length)

23
lib/bcoin/protocol/parser.js
View File

@ -655,10 +655,10 @@ Parser.parseMerkleBlock = function parseMerkleBlock(p) {
hashCount = p.readVarint();
hashes = new Array(hashCount);
hashes = [];
for (i = 0; i < hashCount; i++)
hashes[i] = p.readHash('hex');
hashes.push(p.readHash('hex'));
flags = p.readVarBytes();
@ -969,7 +969,7 @@ Parser.parseCoin = function parseCoin(p, extended) {
*/
Parser.parseTX = function parseTX(p) {
var inCount, inputs;
var inCount, inputs, input;
var outCount, outputs;
var version, locktime, i;
var raw, size, witnessSize;
@ -984,15 +984,16 @@ Parser.parseTX = function parseTX(p) {
version = p.readU32(); // Technically signed
inCount = p.readVarint();
inputs = new Array(inCount);
inputs = [];
for (i = 0; i < inCount; i++) {
inputs[i] = Parser.parseInput(p);
inputs[i].witness = { items: [] };
input = Parser.parseInput(p);
input.witness = { items: [] };
inputs.push(input);
}
outCount = p.readVarint();
outputs = new Array(outCount);
outputs = [];
for (i = 0; i < outCount; i++)
outputs[i] = Parser.parseOutput(p);
@ -1063,16 +1064,16 @@ Parser.parseWitnessTX = function parseWitnessTX(p) {
throw new Error('Invalid witness tx (flag == 0)');
inCount = p.readVarint();
inputs = new Array(inCount);
inputs = [];
for (i = 0; i < inCount; i++)
inputs[i] = Parser.parseInput(p);
inputs.push(Parser.parseInput(p));
outCount = p.readVarint();
outputs = new Array(outCount);
outputs = [];
for (i = 0; i < outCount; i++)
outputs[i] = Parser.parseOutput(p);
outputs.push(Parser.parseOutput(p));
p.start();

6
lib/bcoin/scrypt.js
View File

@ -49,6 +49,12 @@ var utils = require('./utils');
function scrypt(passwd, salt, N, r, p, len) {
var i, B, V, XY;
if (typeof passwd === 'string')
passwd = new Buffer(passwd, 'utf8');
if (typeof salt === 'string')
salt = new Buffer(salt, 'utf8');
if (r * p >= (1 << 30))
throw new Error('EFBIG');

7
lib/bcoin/wallet.js
View File

@ -2317,11 +2317,12 @@ Account.parseRaw = function parseRaw(data) {
var receiveDepth = p.readU32();
var changeDepth = p.readU32();
var accountKey = bcoin.hd.PublicKey.fromRaw(p.readBytes(82));
var keys = new Array(p.readU8());
var count = p.readU8();
var keys = [];
var i;
for (i = 0; i < keys.length; i++)
keys[i] = bcoin.hd.PublicKey.fromRaw(p.readBytes(82));
for (i = 0; i < count; i++)
keys.push(bcoin.hd.PublicKey.fromRaw(p.readBytes(82)));
return {
network: network.type,

37
test/scrypt-test.js Normal file
View File

@ -0,0 +1,37 @@
var assert = require('assert');
var scrypt = require('../lib/bcoin/scrypt');
describe('Scrypt', function() {
it('should perform scrypt with N=16', function() {
var result = scrypt('', '', 16, 1, 1, 64);
assert.equal(result.toString('hex'), ''
+ '77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3f'
+ 'ede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628'
+ 'cf35e20c38d18906');
});
it('should perform scrypt with N=1024', function() {
var result = scrypt('password', 'NaCl', 1024, 8, 16, 64)
assert.equal(result.toString('hex'), ''
+ 'fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e773'
+ '76634b3731622eaf30d92e22a3886ff109279d9830dac727afb9'
+ '4a83ee6d8360cbdfa2cc0640');
});
it('should perform scrypt with N=16384', function() {
var result = scrypt('pleaseletmein', 'SodiumChloride', 16384, 8, 1, 64);
assert.equal(result.toString('hex'), ''
+ '7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b54'
+ '3f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d'
+ '651e40dfcf017b45575887');
});
// Only enable if you want to wait a while.
// it('should perform scrypt with N=1048576', function() {
// var result = scrypt('pleaseletmein', 'SodiumChloride', 1048576, 8, 1, 64);
// assert.equal(result.toString('hex'), ''
// + '2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5'
// + 'ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049'
// + 'e8a952fbcbf45c6fa77a41a4');
// });
});

40
test/tx-test.js
View File

@ -155,6 +155,27 @@ describe('TX', function() {
assert(coolest.verify(null, true, constants.flags.VERIFY_NONE));
});
it('should parse witness tx properly', function() {
clearCache(wtx, nocache);
assert.equal(wtx.inputs.length, 5);
assert.equal(wtx.outputs.length, 1980);
assert(wtx.hasWitness());
assert.notEqual(wtx.hash('hex'), wtx.witnessHash('hex'));
assert.equal(wtx.witnessHash('hex'),
'088c919cd8408005f255c411f786928385688a9e8fdb2db4c9bc3578ce8c94cf');
assert.equal(wtx.getSize(), 62138);
assert.equal(wtx.getVirtualSize(), 61813);
assert.equal(wtx.getCost(), 247250);
var raw1 = wtx.render();
clearCache(wtx, true);
var raw2 = wtx.render();
assert.deepEqual(raw1, raw2);
var wtx2 = bcoin.tx.fromRaw(raw2);
clearCache(wtx2, nocache);
assert.equal(wtx.hash('hex'), wtx2.hash('hex'));
assert.equal(wtx.witnessHash('hex'), wtx2.witnessHash('hex'));
});
function parseTest(data) {
var coins = data[0];
var tx = bcoin.tx.fromRaw(data[1], 'hex');
@ -626,23 +647,4 @@ describe('TX', function() {
assert.equal(block.getReward(), -1);
});
});
it('should parse witness tx properly', function() {
assert.equal(wtx.inputs.length, 5);
assert.equal(wtx.outputs.length, 1980);
assert(wtx.hasWitness());
assert.notEqual(wtx.hash('hex'), wtx.witnessHash('hex'));
assert.equal(wtx.witnessHash('hex'),
'088c919cd8408005f255c411f786928385688a9e8fdb2db4c9bc3578ce8c94cf');
assert.equal(wtx.getSize(), 62138);
assert.equal(wtx.getVirtualSize(), 61813);
assert.equal(wtx.getCost(), 247250);
var raw1 = wtx.render();
clearCache(wtx, true);
var raw2 = wtx.render();
assert.deepEqual(raw1, raw2);
var wtx2 = bcoin.tx.fromRaw(raw2);
assert.equal(wtx.hash('hex'), wtx2.hash('hex'));
assert.equal(wtx.witnessHash('hex'), wtx2.witnessHash('hex'));
});
});