tfix: sanitize outputs - electrum - Electrum Bitcoin wallet HTML git clone https://git.parazyd.org/electrum DIR Log DIR Files DIR Refs DIR Submodules --- DIR commit 38a6747eff4d8202c7a7a9b65f1c54f7341d7c6e DIR parent 0673df9176455303ed749777672bcb52d2f18591 HTML Author: ThomasV <thomasv@gitorious> Date: Fri, 6 Jun 2014 07:48:08 +0200 fix: sanitize outputs Diffstat: M gui/qt/main_window.py | 16 ++++++++++++++-- M gui/qt/paytoedit.py | 25 ++++++++----------------- M lib/paymentrequest.py | 3 --- M lib/wallet.py | 2 +- 4 files changed, 23 insertions(+), 23 deletions(-) --- DIR diff --git a/gui/qt/main_window.py b/gui/qt/main_window.py t@@ -797,10 +797,22 @@ class ElectrumWindow(QMainWindow): if self.gui_object.payment_request: outputs = self.gui_object.payment_request.outputs - amount = self.gui_object.payment_request.get_amount() else: outputs = self.payto_e.get_outputs() - amount = sum(map(lambda x:x[1], outputs)) + + if not outputs: + QMessageBox.warning(self, _('Error'), _('No outputs'), _('OK')) + return + + for addr, x in outputs: + if addr is None or not bitcoin.is_address(addr): + QMessageBox.warning(self, _('Error'), _('Invalid Bitcoin Address'), _('OK')) + return + if type(x) is not int: + QMessageBox.warning(self, _('Error'), _('Invalid Amount'), _('OK')) + return + + amount = sum(map(lambda x:x[1], outputs)) try: fee = self.fee_e.get_amount() DIR 
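Review bot: The amount check in the new `for addr, x in outputs` loop in gui/qt/main_window.py tests only `type(x) is not int`, so a zero or negative amount passes and is then summed into `amount`; this matters most for `payment_request.outputs`, which presumably carries data supplied from outside the wallet. The exact-type test also rejects a Python 2 `long` (the commit's use of `urlparse` suggests Python 2), which is what a large satoshi value becomes on platforms where `sys.maxint` is 2**31-1. I would write the check as `if not isinstance(x, (int, long)) or isinstance(x, bool) or x <= 0:`. The enclosing method starts and ends outside this hunk, so whether later code re-validates the outputs is not visible here.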
diff --git a/gui/qt/paytoedit.py b/gui/qt/paytoedit.py t@@ -41,6 +41,7 @@ class PayToEdit(QTextEdit): self.setMaximumHeight(27) self.c = None self.textChanged.connect(self.check_text) + self.outputs = [] def lock_amount(self): self.amount_edit.setFrozen(True) t@@ -88,8 +89,15 @@ class PayToEdit(QTextEdit): self.payto_address = self.parse_address(lines[0]) except: pass + if self.payto_address: self.unlock_amount() + try: + amount = self.amount_edit.get_amount() + except: + amount = None + + self.outputs = [(self.payto_address, amount)] return for line in lines: t@@ -115,24 +123,7 @@ class PayToEdit(QTextEdit): self.unlock_amount() - def get_outputs(self): - - if self.payto_address: - - if not bitcoin.is_address(self.payto_address): - QMessageBox.warning(self, _('Error'), _('Invalid Bitcoin Address') + ':\n' + self.payto_address, _('OK')) - return - - try: - amount = self.amount_edit.get_amount() - except Exception: - QMessageBox.warning(self, _('Error'), _('Invalid Amount'), _('OK')) - return - - outputs = [(self.payto_address, amount)] - return outputs - return self.outputs DIR diff --git a/lib/paymentrequest.py b/lib/paymentrequest.py t@@ -57,9 +57,6 @@ class PaymentRequest: self.outputs = [] self.error = "" - def get_amount(self): - return sum(map(lambda x:x[1], self.outputs)) - def verify(self): u = urlparse.urlparse(self.url) DIR diff --git a/lib/wallet.py b/lib/wallet.py t@@ -118,7 +118,7 @@ class WalletStorage: with self.lock: if value is not None: self.data[key] = value - else: + elif key in self.data: self.data.pop(key) if save: self.write()
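Review bot: `get_outputs()` in gui/qt/paytoedit.py now returns the cached `self.outputs`, and in the single-address branch (hunk at -88) that list is filled with the amount read from `amount_edit` when the pay-to text is processed, not when the user sends. If that code runs only from `check_text` on the address field's `textChanged` signal, as the connect call in the first hunk suggests, an amount typed or edited afterwards is not picked up, so the output could carry `None` or an older amount than the one shown. Reading the amount inside `get_outputs()` removes the stale snapshot, and the validation added in main_window.py still applies. The added bare `except:` would be better as `except Exception:`. The function containing the -88 hunk begins outside the hunk.

```python
def get_outputs(self):
    # ... unchanged: multi-line outputs are still taken from self.outputs ...
    if self.payto_address:
        # Read the amount at send time so the output matches the amount field as displayed.
        try:
            amount = self.amount_edit.get_amount()
        except Exception:
            amount = None
        self.outputs = [(self.payto_address, amount)]
    return self.outputs
```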
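Review bot: In lib/wallet.py the new `elif key in self.data:` guard followed by `self.data.pop(key)` can be written as a single `self.data.pop(key, None)` under the existing `else:`, which states the delete-if-present intent without a separate membership test. `self.write()` still runs when `save` is set even if nothing was removed, so a no-op delete still rewrites the wallet file; skipping the write in that case would avoid needless writes of sensitive storage. The method's signature is outside the hunk.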