mirror of
https://git.wownero.com/wownero/wownero-puddle.git
synced 2024-08-15 01:03:20 +00:00
add some input validation
This commit is contained in:
parent
40bf2eb99c
commit
bdaaad39c8
4 changed files with 97 additions and 17 deletions
|
@ -100,6 +100,4 @@ would be very much appreciated.
|
|||
|
||||
Please see the [LICENSE](./LICENSE) file.
|
||||
|
||||
<!--
|
||||
vim: tw=80
|
||||
-->
|
||||
[//]: # ( vim: set tw=80: )
|
||||
|
|
84
src/pool.c
84
src/pool.c
|
@ -1762,12 +1762,30 @@ client_clear_jobs(client_t *client)
|
|||
}
|
||||
}
|
||||
|
||||
static void
|
||||
send_validation_error(const client_t *client, const char *message)
|
||||
{
|
||||
struct evbuffer *output = bufferevent_get_output(client->bev);
|
||||
char *body = stratum_new_error_body(client->json_id, message);
|
||||
evbuffer_add(output, body, strlen(body));
|
||||
log_debug("Validation error: %s", message);
|
||||
free(body);
|
||||
}
|
||||
|
||||
static void
|
||||
client_on_login(json_object *message, client_t *client)
|
||||
{
|
||||
struct evbuffer *output = bufferevent_get_output(client->bev);
|
||||
json_object *params = json_object_object_get(message, "params");
|
||||
const char *address = json_object_get_string(json_object_object_get(params, "login"));
|
||||
json_object *params = NULL;
|
||||
if (!json_object_object_get_ex(message, "params", ¶ms))
|
||||
return send_validation_error(client, "No params");
|
||||
|
||||
json_object *login = NULL;
|
||||
if (!json_object_object_get_ex(params, "login", &login))
|
||||
return send_validation_error(client, "No login");
|
||||
if (!json_object_is_type(login, json_type_string))
|
||||
return send_validation_error(client, "login not a string");
|
||||
const char *address = json_object_get_string(login);
|
||||
if (!address)
|
||||
{
|
||||
char *body = stratum_new_error_body(client->json_id, "Invalid login address");
|
||||
|
@ -1784,7 +1802,13 @@ client_on_login(json_object *message, client_t *client)
|
|||
free(body);
|
||||
return;
|
||||
}
|
||||
const char *worker_id = json_object_get_string(json_object_object_get(params, "pass"));
|
||||
|
||||
json_object *pass = NULL;
|
||||
if (!json_object_object_get_ex(params, "pass", &pass))
|
||||
return send_validation_error(client, "No pass");
|
||||
if (!json_object_is_type(pass, json_type_string))
|
||||
return send_validation_error(client, "pass not a string");
|
||||
const char *worker_id = json_object_get_string(pass);
|
||||
if (!worker_id)
|
||||
{
|
||||
char *body = stratum_new_error_body(client->json_id, "No password supplied");
|
||||
|
@ -1792,12 +1816,18 @@ client_on_login(json_object *message, client_t *client)
|
|||
free(body);
|
||||
return;
|
||||
}
|
||||
const char *agent = json_object_get_string(json_object_object_get(params, "agent"));
|
||||
|
||||
json_object *agent_ob = NULL;
|
||||
if (json_object_object_get_ex(params, "agent", &agent_ob))
|
||||
{
|
||||
const char *agent = json_object_get_string(agent_ob);
|
||||
if (agent)
|
||||
{
|
||||
strncpy(client->agent, agent, 255);
|
||||
client->is_proxy = strstr(agent, "proxy") != NULL ? true : false;
|
||||
}
|
||||
}
|
||||
|
||||
strncpy(client->address, address, sizeof(client->address));
|
||||
strncpy(client->worker_id, worker_id, sizeof(client->worker_id));
|
||||
uuid_t cid;
|
||||
|
@ -1812,16 +1842,48 @@ static void
|
|||
client_on_submit(json_object *message, client_t *client)
|
||||
{
|
||||
struct evbuffer *output = bufferevent_get_output(client->bev);
|
||||
|
||||
json_object *params = json_object_object_get(message, "params");
|
||||
const uint32_t nonce = ntohl(strtol(json_object_get_string(
|
||||
json_object_object_get(params, "nonce")), NULL, 16));
|
||||
const char *result_hex = json_object_get_string(
|
||||
json_object_object_get(params, "result"));
|
||||
const char *job_id = json_object_get_string(
|
||||
json_object_object_get(params, "job_id"));
|
||||
if (params == NULL)
|
||||
return send_validation_error(client, "No params");
|
||||
if (!json_object_is_type(params, json_type_object))
|
||||
return send_validation_error(client, "params not an object");
|
||||
|
||||
json_object *nonce_ob = json_object_object_get(params, "nonce");
|
||||
if (nonce_ob == NULL)
|
||||
return send_validation_error(client, "No nonce");
|
||||
if (!json_object_is_type(nonce_ob, json_type_string))
|
||||
return send_validation_error(client, "nonce not a string");
|
||||
char *endptr = NULL;
|
||||
const char *nptr = json_object_get_string(nonce_ob);
|
||||
errno = 0;
|
||||
long int li = strtol(nptr, &endptr, 16);
|
||||
if (errno != 0 || nptr == endptr)
|
||||
return send_validation_error(client, "nonce not a long int");
|
||||
errno = 0;
|
||||
const uint32_t nonce = ntohl(li);
|
||||
|
||||
json_object *result_ob = json_object_object_get(params, "result");
|
||||
if (result_ob == NULL)
|
||||
return send_validation_error(client, "No result");
|
||||
if (!json_object_is_type(result_ob, json_type_string))
|
||||
return send_validation_error(client, "result not a string");
|
||||
const char *result_hex = json_object_get_string(result_ob);
|
||||
if (strlen(result_hex) != 64)
|
||||
return send_validation_error(client, "result invalid length");
|
||||
if (is_hex_string(result_hex) != 0)
|
||||
return send_validation_error(client, "result not hex string");
|
||||
|
||||
json_object *job_id_ob = json_object_object_get(params, "job_id");
|
||||
if (job_id_ob == NULL)
|
||||
return send_validation_error(client, "No job_id");
|
||||
if (!json_object_is_type(job_id_ob, json_type_string))
|
||||
return send_validation_error(client, "job_id not a string");
|
||||
const char *job_id = json_object_get_string(job_id_ob);
|
||||
if (strlen(job_id) != 32)
|
||||
return send_validation_error(client, "job_id invalid length");
|
||||
|
||||
job_t *job = client_find_job(client, job_id);
|
||||
|
||||
if (job == NULL)
|
||||
{
|
||||
char *body = stratum_new_error_body(client->json_id, "Invalid job_id");
|
||||
|
|
19
src/util.c
19
src/util.c
|
@ -36,9 +36,28 @@
|
|||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
#include <ctype.h>
|
||||
|
||||
#include "util.h"
|
||||
|
||||
int
|
||||
is_hex_string(const char *str)
|
||||
{
|
||||
if (strlen(str) == 0)
|
||||
return -1;
|
||||
const char *cp = str;
|
||||
while (*cp)
|
||||
{
|
||||
if (!isxdigit(*cp))
|
||||
{
|
||||
printf("not hex: %c\n", *cp);
|
||||
return -2;
|
||||
}
|
||||
cp++;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void
|
||||
hex_to_bin(const char *hex, char *bin, size_t bin_size)
|
||||
{
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
#ifndef UTIL_H
|
||||
#define UTIL_H
|
||||
|
||||
int is_hex_string(const char *str);
|
||||
void hex_to_bin(const char *hex, char *bin, size_t bin_size);
|
||||
void bin_to_hex(const char *bin, size_t bin_size, char *hex);
|
||||
void reverse_hex(char *hex, size_t len);
|
||||
|
|
Loading…
Reference in a new issue