diff --git a/src/currency_core/currency_format_utils.cpp b/src/currency_core/currency_format_utils.cpp index ef6a4144..d185466b 100644 --- a/src/currency_core/currency_format_utils.cpp +++ b/src/currency_core/currency_format_utils.cpp @@ -3633,13 +3633,13 @@ namespace currency return true; } //------------------------------------------------------------------ + #define PASSWORD_REGEXP R"([A-Za-z0-9~!?@#$%^&*_+|{}\[\]()<>:;"'\-=\\/.,]{0,40})" bool validate_password(const std::string& password) { - static const std::string allowed_password_symbols = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~!?@#$%^&*_+|{}[]()<>:;\"'-=\\/.,"; - size_t n = password.find_first_not_of(allowed_password_symbols, 0); - return n == std::string::npos; + // OLD: static const std::string allowed_password_symbols = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~!?@#$%^&*_+|{}[]()<>:;\"'-=\\/.,"; + static std::regex password_regexp(PASSWORD_REGEXP); + return std::regex_match(password, password_regexp); } - //------------------------------------------------------------------ #define ANTI_OVERFLOW_AMOUNT 1000000 #define GET_PERECENTS_BIG_NUMBERS(per, total) (per/ANTI_OVERFLOW_AMOUNT)*100 / (total/ANTI_OVERFLOW_AMOUNT) @@ -4466,8 +4466,8 @@ namespace currency } } //------------------------------------------------------------------ -#define ASSET_TICKER_REGEXP "[A-Za-z0-9]{1,14}" -#define ASSET_FULL_NAME_REGEXP "[A-Za-z0-9.,:!?\\-() ]{0,400}" +#define ASSET_TICKER_REGEXP R"([A-Za-z0-9]{1,14})" +#define ASSET_FULL_NAME_REGEXP R"([A-Za-z0-9.,:!?\-() ]{0,400})" bool validate_asset_ticker(const std::string& ticker) { static std::regex asset_ticker_regexp(ASSET_TICKER_REGEXP); diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp index 3c5eb1ec..a95f604b 100644 --- a/src/simplewallet/simplewallet.cpp +++ b/src/simplewallet/simplewallet.cpp @@ -591,6 +591,12 @@ bool simple_wallet::try_connect_to_daemon() //---------------------------------------------------------------------------------------------------- bool simple_wallet::new_wallet(const string &wallet_file, const std::string& password, bool create_auditable_wallet) { + if (!currency::validate_password(password)) + { + fail_msg_writer() << R"(Provided password contains invalid characters. Only letters, numbers and ~!?@#$%^&*_+|{}[]()<>:;"'-=\/., symbols are allowed.)" << ENDL; + return false; + } + m_wallet_file = wallet_file; m_wallet.reset(new tools::wallet2()); @@ -2090,6 +2096,13 @@ bool simple_wallet::deploy_new_asset(const std::vector &args) fail_msg_writer() << "Failed to load json file with asset specification: " << args[0]; return true; } + + if (!validate_asset_ticker_and_full_name(adb)) + { + fail_msg_writer() << "ticker or full_name are invalid (perhaps they contain invalid symbols)"; + return true; + } + tx_destination_entry td = AUTO_VAL_INIT(td); td.addr.push_back(m_wallet->get_account().get_public_address()); td.amount = adb.current_supply; @@ -3474,7 +3487,7 @@ int main(int argc, char* argv[]) //runs wallet with console interface sw->set_offline_mode(offline_mode); r = sw->init(vm); - CHECK_AND_ASSERT_MES(r, 1, "Failed to initialize wallet"); + CHECK_AND_ASSERT_MES(r, EXIT_FAILURE, "Failed to initialize wallet"); if (command_line::get_arg(vm, arg_generate_new_wallet).size() || command_line::get_arg(vm, arg_generate_new_auditable_wallet).size()) return EXIT_FAILURE; diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index f688cc16..aa611bb1 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -5544,6 +5544,7 @@ void wallet2::fill_adb_version_based_onhardfork(currency::asset_descriptor_base& void wallet2::deploy_new_asset(const currency::asset_descriptor_base& asset_info, const std::vector& destinations, currency::finalized_tx& ft, crypto::public_key& new_asset_id) { WLT_THROW_IF_FALSE_WALLET_CMN_ERR_EX(asset_info.decimal_point <= 18, "too big decimal point: " << (int)asset_info.decimal_point); + WLT_THROW_IF_FALSE_WALLET_CMN_ERR_EX(validate_asset_ticker_and_full_name(asset_info), "ticker or full_name are invalid (perhaps they contain invalid symbols)"); asset_descriptor_operation asset_reg_info{}; fill_ado_version_based_onhardfork(asset_reg_info); diff --git a/tests/core_tests/multiassets_test.cpp b/tests/core_tests/multiassets_test.cpp index a82e2afc..bef240c0 100644 --- a/tests/core_tests/multiassets_test.cpp +++ b/tests/core_tests/multiassets_test.cpp @@ -900,7 +900,7 @@ bool asset_emission_and_unconfirmed_balance::c1(currency::core& c, size_t ev_ind asset_descriptor_base adb{}; adb.total_max_supply = UINT64_MAX; - adb.full_name = "2**64"; + adb.full_name = "2 xx 64"; adb.ticker = "2POWER64"; std::vector destinations;