From 8888bb499dec79258b1857b404d72f93650503f4 Mon Sep 17 00:00:00 2001 From: MarcoFalke <*~=`'#}+{/-|&$^_@721217.xyz> Date: Thu, 15 May 2025 21:36:36 +0200 Subject: [PATCH] rest: Reject + sign in /blockhashbyheight/ --- src/rest.cpp | 8 ++++---- test/functional/interface_rest.py | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/rest.cpp b/src/rest.cpp index 44984b360ff..b340567bd1b 100644 --- a/src/rest.cpp +++ b/src/rest.cpp @@ -962,8 +962,8 @@ static bool rest_blockhash_by_height(const std::any& context, HTTPRequest* req, std::string height_str; const RESTResponseFormat rf = ParseDataFormat(height_str, str_uri_part); - int32_t blockheight = -1; // Initialization done only to prevent valgrind false positive, see https://github.com/bitcoin/bitcoin/pull/18785 - if (!ParseInt32(height_str, &blockheight) || blockheight < 0) { + const auto blockheight{ToIntegral(height_str)}; + if (!blockheight || *blockheight < 0) { return RESTERR(req, HTTP_BAD_REQUEST, "Invalid height: " + SanitizeString(height_str)); } @@ -974,10 +974,10 @@ static bool rest_blockhash_by_height(const std::any& context, HTTPRequest* req, ChainstateManager& chainman = *maybe_chainman; LOCK(cs_main); const CChain& active_chain = chainman.ActiveChain(); - if (blockheight > active_chain.Height()) { + if (*blockheight > active_chain.Height()) { return RESTERR(req, HTTP_NOT_FOUND, "Block height out of range"); } - pblockindex = active_chain[blockheight]; + pblockindex = active_chain[*blockheight]; } switch (rf) { case RESTResponseFormat::BINARY: { diff --git a/test/functional/interface_rest.py b/test/functional/interface_rest.py index 0e294696b0e..ff766978840 100755 --- a/test/functional/interface_rest.py +++ b/test/functional/interface_rest.py 
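Review bot: The `ToIntegral(height_str)` call in the first rest.cpp hunk shows no explicit type argument, yet the parsed type is what bounds the height an HTTP client can supply (the removed code parsed into `int32_t`). Unless the angle-bracket argument was simply lost when this page was rendered, it should be spelled out as `const auto blockheight{ToIntegral<int32_t>(height_str)};` so the accepted range stays tied to the type later compared against `active_chain.Height()`. A one-line comment above it, such as `// Strict parse: optional leading '-' then digits; '+', whitespace and trailing characters are rejected`, would record why this parser replaced `ParseInt32`. The body of `rest_blockhash_by_height` starts before this hunk and continues past the second one.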
@@ -271,6 +271,8 @@ class RESTTest (BitcoinTestFramework): # Check invalid blockhashbyheight requests resp = self.test_rest_request(f"/blockhashbyheight/{INVALID_PARAM}", ret_type=RetType.OBJ, status=400) assert_equal(resp.read().decode('utf-8').rstrip(), f"Invalid height: {INVALID_PARAM}") + resp = self.test_rest_request("/blockhashbyheight/+1", ret_type=RetType.OBJ, status=400) + assert_equal(resp.read().decode('utf-8').rstrip(), "Invalid height: 1") resp = self.test_rest_request("/blockhashbyheight/1000000", ret_type=RetType.OBJ, status=404) assert_equal(resp.read().decode('utf-8').rstrip(), "Block height out of range") resp = self.test_rest_request("/blockhashbyheight/-1", ret_type=RetType.OBJ, status=400)
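Review bot: The new `+1` case expects the body `Invalid height: 1`, which reads as if a valid height had been rejected. The `+` is evidently dropped from the echoed value, since the handler passes it through `SanitizeString`, and the test should say so. A comment above the two added lines, such as `# "+" is stripped from the echoed value by SanitizeString, so the message shows "1"`, would keep a later reader from treating the expectation as a typo. It may also be worth adding a height beyond the int32 range next to these cases, to pin that an overflowing value returns 400 at the parse step and never reaches the height comparison. The test method starts and ends outside the hunk.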