Error when parsing HTTP request #1772

Closed
1 of 17 tasks
abitmore opened this issue May 24, 2019 · 1 comment
Labels

  • 2d Developing: Status indicating currently designing and developing a solution
  • 3d Bug: Classification indicating the existing implementation does not match the intention of the design
  • 6 CLI: Impact flag identifying the command line interface (CLI) wallet application

Comments

@abitmore
Member

Bug Description
Lack of boundary check when parsing HTTP request: https://github.com/bitshares/bitshares-fc/blob/579914c84d7bf7dd5a57ad890b4690c033fac697/src/network/http/http_connection.cpp#L153, which can crash cli_wallet via HTTP JSON-RPC interface if enabled.

Impacts
Describe which portion(s) of BitShares Core may be impacted by this bug. Please tick at least one box.

  • API (the application programming interface)
  • Build (the build process or something prior to compiled code)
  • CLI (the command line wallet)
  • Deployment (the deployment process after building such as Docker, Travis, etc.)
  • DEX (the Decentralized EXchange, market engine, etc.)
  • P2P (the peer-to-peer network for transaction/block propagation)
  • Performance (system or user efficiency, etc.)
  • Protocol (the blockchain logic, consensus, validation, etc.)
  • Security (the security of system or user data, etc.)
  • UX (the User Experience)
  • Other (please add below)

Steps To Reproduce
Steps to reproduce the behavior (example outlined below):

  1. Execute API call '...'
  2. Using JSON payload '...'
  3. Received response '...'
  4. See error in screenshot

CORE TEAM TASK LIST

  • Evaluate / Prioritize Bug Report
  • Refine User Stories / Requirements
  • Define Test Cases
  • Design / Develop Solution
  • Perform QA/Testing
  • Update Documentation
abitmore added the labels 3d Bug (Classification indicating the existing implementation does not match the intention of the design) and 6 CLI (Impact flag identifying the command line interface (CLI) wallet application) May 24, 2019
abitmore added this to the 3.2.0 - Feature Release milestone May 24, 2019
pmconrad self-assigned this May 28, 2019
pmconrad added the label 2d Developing (Status indicating currently designing and developing a solution) May 28, 2019
pmconrad added a commit that referenced this issue May 28, 2019
@pmconrad
Contributor

Fixed via #1782
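
The kind of boundary check the bug description refers to, as an added example that is not code from bitshares-fc and not the fix in #1782: a header-line parser in which every delimiter scan is bounded by the number of bytes actually read, so a malformed line is rejected instead of being read past. It assumes the request is parsed line by line out of a buffer of known length; the name `parse_header_line` and the sample lines are hypothetical.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper (not from bitshares-fc): split one HTTP header line,
// held in `len` valid bytes at `buf`, into key and value. Returns false for
// any line that lacks ':' or a line terminator inside those `len` bytes.
bool parse_header_line(const char* buf, std::size_t len,
                       std::string& key, std::string& value) {
    const char* const end = buf + len;

    // Look for ':' but never step past the bytes that were read.
    const char* colon = buf;
    while (colon != end && *colon != ':') ++colon;
    if (colon == end || colon == buf) return false;  // no delimiter, or empty key

    // Skip optional whitespace after ':'; again bounded by `end`.
    const char* val = colon + 1;
    while (val != end && (*val == ' ' || *val == '\t')) ++val;

    // The value runs up to CR or LF; a line with no terminator is malformed.
    const char* eol = val;
    while (eol != end && *eol != '\r' && *eol != '\n') ++eol;
    if (eol == end) return false;

    key.assign(buf, colon);
    value.assign(val, eol);
    return true;
}

int main() {
    // Constructed sample lines: one well-formed, three malformed.
    const std::string lines[] = {"Host: localhost\r\n", "NoColonHere\r\n",
                                 "Host: no-terminator", ""};
    for (const std::string& l : lines) {
        std::string k, v;
        const bool ok = parse_header_line(l.data(), l.size(), k, v);
        std::cout << (ok ? "accepted " + k + "=" + v : std::string("rejected"))
                  << "\n";
    }
    return 0;
}
```

The three malformed lines are useful regression cases for any parser of this shape: each one is missing a delimiter that an unbounded scan would keep searching for.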
