From c848056438869ef7f52d70cb811ca9a3aa91f4a8 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Thu, 13 Apr 2017 15:18:58 -0400 Subject: [PATCH] rpc: better arg validation for /tx --- rpc/core/tx.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rpc/core/tx.go b/rpc/core/tx.go index e6e4e3dfe..e578a25bf 100644 --- a/rpc/core/tx.go +++ b/rpc/core/tx.go @@ -29,9 +29,13 @@ func Tx(hash []byte, height, index int, prove bool) (*ctypes.ResultTx, error) { deliverTx = r.DeliverTx } + if height <= 0 || height > blockStore.Height() { + return nil, fmt.Errorf("Invalid height (%d) for blockStore at height %d", height, blockStore.Height()) + } + block := blockStore.LoadBlock(height) - if index >= len(block.Data.Txs) { + if index < 0 || index >= len(block.Data.Txs) { return nil, fmt.Errorf("Index (%d) is out of range for block (%d) with %d txs", index, height, len(block.Data.Txs)) } tx := block.Data.Txs[index]