Git-Mirrors/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2025-01-08 07:27:52 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8084

Browse Source 
a4954a9 rpc: fix DoS vector in get_output_distribution (moneromooo-monero)
This commit is contained in:
luigi1111 2021-11-26 23:05:52 -06:00
commit dfb818a01b
No known key found for this signature in database
GPG Key ID: F4ACA0183641E010
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/rpc/core_rpc_server.cpp
View File

@ -3055,6 +3055,14 @@ namespace cryptonote
if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_OUTPUT_DISTRIBUTION>(invoke_http_mode::JON_RPC, "get_output_distribution", req, res, r)) if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_OUTPUT_DISTRIBUTION>(invoke_http_mode::JON_RPC, "get_output_distribution", req, res, r))
return r; return r;
const bool restricted = m_restricted && ctx;
if (restricted && req.amounts != std::vector<uint64_t>(1, 0))
{
error_resp.code = CORE_RPC_ERROR_CODE_RESTRICTED;
error_resp.message = "Restricted RPC can only get output distribution for rct outputs. Use your own node.";
return false;
}
size_t n_0 = 0, n_non0 = 0; size_t n_0 = 0, n_non0 = 0;
for (uint64_t amount: req.amounts) for (uint64_t amount: req.amounts)
if (amount) ++n_non0; else ++n_0; if (amount) ++n_non0; else ++n_0;
@ -3096,6 +3104,13 @@ namespace cryptonote
if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_OUTPUT_DISTRIBUTION>(invoke_http_mode::BIN, "/get_output_distribution.bin", req, res, r)) if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_OUTPUT_DISTRIBUTION>(invoke_http_mode::BIN, "/get_output_distribution.bin", req, res, r))
return r; return r;
const bool restricted = m_restricted && ctx;
if (restricted && req.amounts != std::vector<uint64_t>(1, 0))
{
res.status = "Restricted RPC can only get output distribution for rct outputs. Use your own node.";
return false;
}
size_t n_0 = 0, n_non0 = 0; size_t n_0 = 0, n_non0 = 0;
for (uint64_t amount: req.amounts) for (uint64_t amount: req.amounts)
if (amount) ++n_non0; else ++n_0; if (amount) ++n_non0; else ++n_0;