wallet: Fix non-determinism in ParseHDKeypath(...). Avoid using an uninitialized variable in path calculation.#13712
Merged
maflcko merged 2 commits intobitcoin:masterfrom Jul 19, 2018
Conversation
practicalswift
changed the title
practicalswift
changed the title
practicalswift
changed the title
Member
|
Would be nice if this was covered by a test case, no? |
practicalswift
force-pushed
the
check-ParseUInt32-return-value
branch
from
7893b01 to
f239417
Compare
Contributor
Author
|
@MarcoFalke Thanks for the quick review. I've now added some tests. This is the subset of the added tests that failed before the fix commit and passes after the fix commit: Please re-review :-) |
practicalswift
force-pushed
the
check-ParseUInt32-return-value
branch
from
f239417 to
44a5042
Compare
Empact
reviewed
Jul 19, 2018
src/wallet/rpcwallet.h
Outdated
Contributor
There was a problem hiding this comment.
Rather than declare it in the header, you could declare it extern in the test file.
practicalswift
force-pushed
the
check-ParseUInt32-return-value
branch
from
44a5042 to
7e788ff
Compare
practicalswift
force-pushed
the
check-ParseUInt32-return-value
branch
from
7e788ff to
27ee53c
Compare
Member
|
utACK 7223263 |
Member
|
utACK 7223263 |
Member
|
utACK 27ee53c |
1 similar comment
Member
|
utACK 27ee53c |
maflcko
pushed a commit
that referenced
this pull request
Jul 19, 2018
…id using an uninitialized variable in path calculation. 27ee53c wallet: Add error handling. Check return value of ParseUInt32(...) in ParseHDKeypath(...). (practicalswift) 7223263 wallet: Add tests for ParseHDKeypath(...) (practicalswift) Pull request description: Add error handling. Check return value of `ParseUInt32(...)` in `ParseHDKeypath(...)`. `ParseUInt32(...)` returns `false` if the entire string could not be parsed or when an overflow or underflow occurred. In such case the uninitialized variable `number` would be used in the calculation of `path` (prior to this commit). An example key path triggering this is `m/0/4294967296`: ``` ParseHDKeypath("m/0/4294967296", keypath); ``` `4294967296` is `1` + `0xFFFFFFFF` (`uint32_t` max: `4294967295`). Introduced in a4b06fb which was merged into `master` 14 hours ago as part of #13557 ("BIP 174 PSBT Serializations and RPCs"). Tree-SHA512: e5ff423f67c18d82c1231bde6343587a453e793c32004d93dc9b61be6d9372b57a6b2c9978d9eb1000d6cc82fd180f2486013f928dca737fb92daad22c16e467
Contributor
Author
|
@achow101 @MarcoFalke @sipa As reviewers of this bug fix you might be interested in reviewing PR #13815 which adds annotations (C++17-style |
maflcko
pushed a commit
that referenced
this pull request
Nov 15, 2018
… functions returning bool 9cc0230 Add NODISCARD to all {Decode,Parse}[...](...) functions returning bool. Sort includes. (practicalswift) 579497e tests: Explicitly ignore the return value of DecodeBase58(...) (practicalswift) 145fe95 tests: Check return value of ParseParameters(...) (practicalswift) 7c5bc2a miner: Default to DEFAULT_BLOCK_MIN_TX_FEE if unable to parse -blockmintxfee (practicalswift) Pull request description: Changes in this PR: * ~~Add linter to make sure the return value of `Parse[...](...)` is checked~~ * Add `__attribute__((warn_unused_result))` to all `{Decode,Parse}[...](...)` functions returning `bool` * Fix violations Context: * #13712: `wallet: Fix non-determinism in ParseHDKeypath(...). Avoid using an uninitialized variable in path calculation.` would have been prevented by this Tree-SHA512: 41a97899f2d5a26584235fa02b1ebfb4faacd81ea97e927022955a658fa7e15d07a1443b4b7635151a43259a1adf8f2f4de3c1c75d7b5f09f0d5496463a1dae6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add error handling. Check return value of
ParseUInt32(...)inParseHDKeypath(...).ParseUInt32(...)returnsfalseif the entire string could not be parsed or when an overflow or underflow occurred. In such case the uninitialized variablenumberwould be used in the calculation ofpath(prior to this commit).An example key path triggering this is
m/0/4294967296:4294967296is1+0xFFFFFFFF(uint32_tmax:4294967295).Introduced in a4b06fb which was merged into
master14 hours ago as part of #13557 ("BIP 174 PSBT Serializations and RPCs").