electrum

Electrum Bitcoin wallet
git clone https://git.parazyd.org/electrum
Log | Files | Refs | Submodules

commit e059867314ad8cdc8f29b33cfa179f2df77b8fc2
parent a266de6735c5be059f78ae42e23af3c07fe80c22
Author: SomberNight <somber.night@protonmail.com>
Date:   Wed, 14 Nov 2018 16:04:43 +0100

paymentrequest: be explicit about only allowing "addresses"

Diffstat:
Melectrum/paymentrequest.py | 11+++++++++--
Melectrum/transaction.py | 5+++--
Melectrum/util.py | 11++++-------
3 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/electrum/paymentrequest.py b/electrum/paymentrequest.py @@ -132,8 +132,12 @@ class PaymentRequest: self.details.ParseFromString(self.data.serialized_payment_details) self.outputs = [] for o in self.details.outputs: - addr = transaction.get_address_from_output_script(o.script)[1] - self.outputs.append(TxOutput(TYPE_ADDRESS, addr, o.amount)) + type_, addr = transaction.get_address_from_output_script(o.script) + if type_ != TYPE_ADDRESS: + # TODO maybe rm restriction but then get_requestor and get_id need changes + self.error = "only addresses are allowed as outputs" + return + self.outputs.append(TxOutput(type_, addr, o.amount)) self.memo = self.details.memo self.payment_url = self.details.payment_url @@ -195,6 +199,9 @@ class PaymentRequest: verify = pubkey0.verify(sigBytes, x509.PREFIX_RSA_SHA256 + hashBytes) elif paymntreq.pki_type == "x509+sha1": verify = pubkey0.hashAndVerify(sigBytes, msgBytes) + else: + self.error = f"ERROR: unknown pki_type {paymntreq.pki_type} in Payment Request" + return False if not verify: self.error = "ERROR: Invalid Signature for Payment Request Data" return False diff --git a/electrum/transaction.py b/electrum/transaction.py @@ -1030,9 +1030,10 @@ class Transaction: if outputs: self._outputs.sort(key = lambda o: (o.value, self.pay_script(o.type, o.address))) - def serialize_output(self, output: TxOutput) -> str: + @classmethod + def serialize_output(cls, output: TxOutput) -> str: s = int_to_hex(output.value, 8) - script = self.pay_script(output.type, output.address) + script = cls.pay_script(output.type, output.address) s += var_int(len(script)//2) s += script return s diff --git a/electrum/util.py b/electrum/util.py @@ -444,8 +444,7 @@ def assert_str(*args): assert isinstance(x, str) - -def to_string(x, enc): +def to_string(x, enc) -> str: if isinstance(x, (bytes, bytearray)): return x.decode(enc) if isinstance(x, str): @@ -453,7 +452,8 @@ def to_string(x, enc): else: raise TypeError("Not a string or bytes like object") -def to_bytes(something, encoding='utf8'): + +def to_bytes(something, encoding='utf8') -> bytes: """ cast string to bytes() like object, but for python2 support it's bytearray copy """ @@ -471,16 +471,13 @@ bfh = bytes.fromhex hfu = binascii.hexlify -def bh2u(x): +def bh2u(x: bytes) -> str: """ str with hex representation of a bytes-like object >>> x = bytes((1, 2, 10)) >>> bh2u(x) '01020A' - - :param x: bytes - :rtype: str """ return hfu(x).decode('ascii')