Improve transaction security

* Check signatures of every transaction on every validator * Remove obsolete code * Check transaction status in submit/sign RPC handler
2025-12-06 17:27:52 +00:00 · 2014-09-18 14:16:48 -07:00
parent 5ce508e09d
commit b27e2aad07
3 changed files with 18 additions and 7 deletions
--- a/src/ripple/overlay/impl/PeerImp.cpp
+++ b/src/ripple/overlay/impl/PeerImp.cpp
@@ -937,7 +937,15 @@ PeerImp::on_message (std::shared_ptr <protocol::TMTransaction> const& m)
        m_journal.debug << "Got transaction from peer " << *this << ": " << txID;

        if (m_clusterNode)
-            flags |= SF_TRUSTED | SF_SIGGOOD;
+        {
+            flags |= SF_TRUSTED;
+            if (! getConfig().VALIDATION_PRIV.isSet())
+            {
+                // For now, be paranoid and have each validator
+                // check each transaction, regardless of source
+                flags |= SF_SIGGOOD;
+	    }
+	}

        if (getApp().getJobQueue().getJobCount(jtTRANSACTION) > 100)
            m_journal.info << "Transaction queue is full";
--- a/src/ripple/overlay/impl/handshake_analyzer.h
+++ b/src/ripple/overlay/impl/handshake_analyzer.h
@@ -1078,10 +1078,8 @@ private:

    static void checkTransaction (Job&, int flags, SerializedTransaction::pointer stx, std::weak_ptr<Peer> peer)
    {
-    #ifndef TRUST_NETWORK
        try
        {
-    #endif

            if (stx->isFieldPresent(sfLastLedgerSequence) &&
                (stx->getFieldU32 (sfLastLedgerSequence) <
@@ -1108,15 +1106,12 @@ private:
            bool const trusted (flags & SF_TRUSTED);
            getApp().getOPs ().processTransaction (tx, trusted, false, false);

-    #ifndef TRUST_NETWORK
        }
        catch (...)
        {
            getApp().getHashRouter ().setFlag (stx->getTransactionID (), SF_BAD);
            charge (peer, Resource::feeInvalidRequest);
        }
-
-    #endif
    }

    // Called from our JobQueue
--- a/src/ripple/rpc/handlers/Submit.cpp
+++ b/src/ripple/rpc/handlers/Submit.cpp
@@ -65,7 +65,7 @@ Json::Value doSubmit (RPC::Context& context)

    try
    {
-        tpTrans     = std::make_shared<Transaction> (stpTrans, false);
+        tpTrans     = std::make_shared<Transaction> (stpTrans, true);
    }
    catch (std::exception& e)
    {
@@ -75,6 +75,14 @@ Json::Value doSubmit (RPC::Context& context)
        return jvResult;
    }

+    if (tpTrans->getStatus() != NEW)
+    {
+        jvResult[jss::error]            = "invalidTransactions";
+        jvResult["error_exception"] = "fails local checks";
+
+        return jvResult;
+    }
+
    try
    {
        (void) context.netOps_.processTransaction (