aljaz/lightning
1
0
Fork 0
mirror of https://github.com/aljazceru/lightning.git synced 2025-12-19 23:24:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

json: Add two param functions to parse string arrs and outpoint arrs

Browse Source 
In a couple of places we accept arrays of strings and don't validate
them. If we forward them, e.g., call a JSON-RPC method from the
plugin, we end up embedding the unverified string in the JSON-RPC
call without escaping, which then leads to invalid JSON being passed
on.

This at least partially causes #4238
This commit is contained in:
Christian Decker
2020-12-04 11:24:14 +01:00
committed by Rusty Russell
parent eacc54646f
commit 32000b6660
6 changed files with 78 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
common/json_helpers.c
View File

@@ -93,6 +93,31 @@ bool json_to_txid(const char *buffer, const jsmntok_t *tok,
tok->end - tok->start, txid);
}
bool json_to_outpoint(const char *buffer, const jsmntok_t *tok,
struct bitcoin_outpoint *op)
{
size_t len = tok->end - tok->start;
char str[len + 1];
if (len < 66)
return NULL;
memcpy(str, buffer+tok->start, len);
str[len] = 0x00;
if (str[64] != ':')
return NULL;
if (!bitcoin_txid_from_hex(str, 64, &op->txid))
return false;
op->n = atoi(str + 65);
if (op->n < 0)
return false;
return true;
}
bool json_to_channel_id(const char *buffer, const jsmntok_t *tok,
struct channel_id *cid)
{