Skip to content

Commit

Permalink
merge bitcoin#23213: Return error when header count is not integral
Browse files Browse the repository at this point in the history
  • Loading branch information
kwvg committed Oct 8, 2024
1 parent eb9e208 commit 0188d32
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 6 deletions.
12 changes: 7 additions & 5 deletions src/rest.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -188,18 +188,19 @@ static bool rest_headers(const CoreContext& context,
if (path.size() != 2)
return RESTERR(req, HTTP_BAD_REQUEST, "No header count specified. Use /rest/headers/<count>/<hash>.<ext>.");

long count = strtol(path[0].c_str(), nullptr, 10);
if (count < 1 || count > 2000)
const auto parsed_count{ToIntegral<size_t>(path[0])};
if (!parsed_count.has_value() || *parsed_count < 1 || *parsed_count > 2000) {
return RESTERR(req, HTTP_BAD_REQUEST, "Header count out of range: " + path[0]);
}

std::string hashStr = path[1];
uint256 hash;
if (!ParseHashStr(hashStr, hash))
return RESTERR(req, HTTP_BAD_REQUEST, "Invalid hash: " + hashStr);

const CBlockIndex* tip = nullptr;
std::vector<const CBlockIndex *> headers;
headers.reserve(count);
std::vector<const CBlockIndex*> headers;
headers.reserve(*parsed_count);
{
ChainstateManager* maybe_chainman = GetChainman(context, req);
if (!maybe_chainman) return false;
Expand All @@ -210,8 +211,9 @@ static bool rest_headers(const CoreContext& context,
const CBlockIndex* pindex = chainman.m_blockman.LookupBlockIndex(hash);
while (pindex != nullptr && active_chain.Contains(pindex)) {
headers.push_back(pindex);
if (headers.size() == (unsigned long)count)
if (headers.size() == *parsed_count) {
break;
}
pindex = active_chain.Next(pindex);
}
}
Expand Down
7 changes: 7 additions & 0 deletions test/functional/interface_rest.py
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,13 @@ def run_test(self):
json_obj = self.test_rest_request("/headers/5/{}".format(bb_hash))
assert_equal(len(json_obj), 5) # now we should have 5 header objects

# Test number parsing
for num in ['5a', '-5', '0', '2001', '99999999999999999999999999999999999']:
assert_equal(
bytes(f'Header count out of range: {num}\r\n', 'ascii'),
self.test_rest_request(f"/headers/{num}/{bb_hash}", ret_type=RetType.BYTES, status=400),
)

self.log.info("Test tx inclusion in the /mempool and /block URIs")

# Make 3 tx and mine them on node 1
Expand Down
1 change: 0 additions & 1 deletion test/lint/lint-locale-dependence.sh
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,6 @@ export LC_ALL=C
KNOWN_VIOLATIONS=(
"src/bitcoin-tx.cpp.*stoul"
"src/dbwrapper.cpp:.*vsnprintf"
"src/rest.cpp:.*strtol"
"src/test/dbwrapper_tests.cpp:.*snprintf"
"src/test/fuzz/locale.cpp"
"src/test/fuzz/string.cpp"
Expand Down

0 comments on commit 0188d32

Please sign in to comment.