rest: Reject negative outpoint index in getutxos parsing

2025-01-10 03:47:29 -03:00 · 2024-07-12 17:48:40 +02:00 · 2024-07-12 17:48:40 +02:00 · fab54db9f1
commit fab54db9f1
parent 4d6af61d87
2 changed files with 8 additions and 4 deletions
--- a/src/rest.cpp
+++ b/src/rest.cpp
@ -788,14 +788,15 @@ static bool rest_getutxos(const std::any& context, HTTPRequest* req, const std::
        for (size_t i = (fCheckMemPool) ? 1 : 0; i < uriParts.size(); i++)
        {
            int32_t nOutput;
            std::string strTxid = uriParts[i].substr(0, uriParts[i].find('-'));
            std::string strOutput = uriParts[i].substr(uriParts[i].find('-')+1);
            auto output{ToIntegral<uint32_t>(strOutput)};
-            if (!ParseInt32(strOutput, &nOutput) || !IsHex(strTxid))
+            if (!output || !IsHex(strTxid)) {
                return RESTERR(req, HTTP_BAD_REQUEST, "Parse error");
            }
-            vOutPoints.emplace_back(TxidFromString(strTxid), (uint32_t)nOutput);
+            vOutPoints.emplace_back(TxidFromString(strTxid), *output);
        }
        if (vOutPoints.size() > 0)
--- a/test/functional/interface_rest.py
+++ b/test/functional/interface_rest.py
@ -201,10 +201,13 @@ class RESTTest (BitcoinTestFramework):
        json_obj = self.test_rest_request(f"/getutxos/checkmempool/{spending[0]}-{spending[1]}")
        assert_equal(len(json_obj['utxos']), 1)
-        # Do some invalid requests
+        self.log.info("Check some invalid requests")
        self.test_rest_request("/getutxos", http_method='POST', req_type=ReqType.JSON, body='{"checkmempool', status=400, ret_type=RetType.OBJ)
        self.test_rest_request("/getutxos", http_method='POST', req_type=ReqType.BIN, body='{"checkmempool', status=400, ret_type=RetType.OBJ)
        self.test_rest_request("/getutxos/checkmempool", http_method='POST', req_type=ReqType.JSON, status=400, ret_type=RetType.OBJ)
        self.test_rest_request(f"/getutxos/{spending[0]}_+1", ret_type=RetType.OBJ, status=400)
        self.test_rest_request(f"/getutxos/{spending[0]}-+1", ret_type=RetType.OBJ, status=400)
        self.test_rest_request(f"/getutxos/{spending[0]}--1", ret_type=RetType.OBJ, status=400)
        # Test limits
        long_uri = '/'.join([f"{txid}-{n_}" for n_ in range(20)])