Improve transaction security

* Check signatures of every transaction on every validator
* Remove obsolete code
* Check transaction status in submit/sign RPC handler
JoelKatz
2014-09-18 14:16:48 -07:00
committed by Vinnie Falco
parent 5ce508e09d
commit b27e2aad07
3 changed files with 18 additions and 7 deletions


@@ -937,7 +937,15 @@ PeerImp::on_message (std::shared_ptr <protocol::TMTransaction> const& m)
m_journal.debug << "Got transaction from peer " << *this << ": " << txID; m_journal.debug << "Got transaction from peer " << *this << ": " << txID;
if (m_clusterNode) if (m_clusterNode)
flags |= SF_TRUSTED | SF_SIGGOOD; {
flags |= SF_TRUSTED;
if (! getConfig().VALIDATION_PRIV.isSet())
{
// For now, be paranoid and have each validator
// check each transaction, regardless of source
flags |= SF_SIGGOOD;
}
}
if (getApp().getJobQueue().getJobCount(jtTRANSACTION) > 100) if (getApp().getJobQueue().getJobCount(jtTRANSACTION) > 100)
m_journal.info << "Transaction queue is full"; m_journal.info << "Transaction queue is full";
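Review bot: The comment inside the new inner block describes the opposite branch. The lines under `if (! getConfig().VALIDATION_PRIV.isSet())` run when this node has no validation key, and they set `SF_SIGGOOD`, so a non-validating node presumably still accepts a cluster peer's transaction without verifying the signature itself. I would move the comment above that `if` and reword it, for example `// Validators verify every signature themselves; only non-validating nodes accept a cluster peer's signature check.` That also records that cluster membership remains a trust boundary for non-validators, since `SF_TRUSTED` is still set for every cluster node. The body of on_message continues outside the hunk, so how `flags` is consumed later is not visible here.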


@@ -1078,10 +1078,8 @@ private:
static void checkTransaction (Job&, int flags, SerializedTransaction::pointer stx, std::weak_ptr<Peer> peer) static void checkTransaction (Job&, int flags, SerializedTransaction::pointer stx, std::weak_ptr<Peer> peer)
{ {
#ifndef TRUST_NETWORK
try try
{ {
#endif
if (stx->isFieldPresent(sfLastLedgerSequence) && if (stx->isFieldPresent(sfLastLedgerSequence) &&
(stx->getFieldU32 (sfLastLedgerSequence) < (stx->getFieldU32 (sfLastLedgerSequence) <
@@ -1108,15 +1106,12 @@ private:
bool const trusted (flags & SF_TRUSTED); bool const trusted (flags & SF_TRUSTED);
getApp().getOPs ().processTransaction (tx, trusted, false, false); getApp().getOPs ().processTransaction (tx, trusted, false, false);
#ifndef TRUST_NETWORK
} }
catch (...) catch (...)
{ {
getApp().getHashRouter ().setFlag (stx->getTransactionID (), SF_BAD); getApp().getHashRouter ().setFlag (stx->getTransactionID (), SF_BAD);
charge (peer, Resource::feeInvalidRequest); charge (peer, Resource::feeInvalidRequest);
} }
#endif
} }
// Called from our JobQueue // Called from our JobQueue


@@ -65,7 +65,7 @@ Json::Value doSubmit (RPC::Context& context)
try try
{ {
tpTrans = std::make_shared<Transaction> (stpTrans, false); tpTrans = std::make_shared<Transaction> (stpTrans, true);
} }
catch (std::exception& e) catch (std::exception& e)
{ {
@@ -75,6 +75,14 @@ Json::Value doSubmit (RPC::Context& context)
return jvResult; return jvResult;
} }
if (tpTrans->getStatus() != NEW)
{
jvResult[jss::error] = "invalidTransactions";
jvResult["error_exception"] = "fails local checks";
return jvResult;
}
try try
{ {
(void) context.netOps_.processTransaction ( (void) context.netOps_.processTransaction (
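Review bot: The new rejection block under `if (tpTrans->getStatus() != NEW)` writes its second key as the raw literal `"error_exception"` while the line above it uses the `jss::error` constant. It also returns the plural token `"invalidTransactions"` for a single submitted transaction. Clients match on these tokens, so confirm the spelling agrees with the other error returns in doSubmit (not visible in this hunk), and use a `jss` constant for the second key if one is defined. The block only works because of the bare `true` now passed to `std::make_shared<Transaction> (stpTrans, true)`, so a short comment there such as `// true: run local validity checks on construction` would keep the two changes tied together. Logging the transaction ID on this path would also help operators see locally rejected submissions. doSubmit starts and ends outside the hunk.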