If an invalid value blinder is supplied, this assert is triggered:
Line 517 in dd1623a
`assert(ret);`
If an invalid asset blinder is supplied, this CHECK() in secp256k1 is triggered:
`CHECK(ret);`
Triggered with this small patch to qa/rpc-tests/confidential_transactions.py (tested on the 0.14.1 branch, but the failing code is the same on master; to trigger the first case, you just put ab in place of a value blinder, not an asset blinder as in this patch):
diff --git a/qa/rpc-tests/confidential_transactions.py b/qa/rpc-tests/confidential_transactions.py
index 61393fc6e..93c7b5cc5 100755
--- a/qa/rpc-tests/confidential_transactions.py
+++ b/qa/rpc-tests/confidential_transactions.py
@@ -470,6 +470,12 @@ class CTTest (BitcoinTestFramework):
except JSONRPCException:
pass
+ try:
+ ab = 'FF'*32
+ blindtx = self.nodes[0].rawblindrawtransaction(rawtx, [unspent[0]["blinder"], unspent[1]["blinder"]], [unspent[0]["amount"], unspent[1]["amount"]], [unspent[0]["asset"], unspent[1]["asset"]], [unspent[0]["assetblinder"], ab])
+ except JSONRPCException as e:
+ print(e)
+
blindtx = self.nodes[0].rawblindrawtransaction(rawtx, [unspent[0]["blinder"], unspent[1]["blinder"]], [unspent[0]["amount"], unspent[1]["amount"]], [unspent[0]["asset"], unspent[1]["asset"]], [unspent[0]["assetblinder"], unspent[1]["assetblinder"]])
signtx = self.nodes[0].signrawtransaction(blindtx)
txid = self.nodes[0].sendrawtransaction(signtx["hex"])
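Review bot: the added `try` block around `ab = 'FF'*32` asserts nothing, because the `except JSONRPCException as e:` branch only prints the error and a successful return falls through silently, so the test passes whether or not the RPC rejects the invalid blinder. If this is meant to become a regression test, fail explicitly when `rawblindrawtransaction` returns (for example, raise an AssertionError as the last statement inside the `try`), and drop the unused `blindtx` assignment there since it is overwritten by the valid call that follows. A second case with `ab` in the value-blinder list would cover the other crash path mentioned in the description.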
While the impact of the bug is not very serious, as it can only be triggered with an authenticated RPC request and results only in a node crash, I believe a crash is not the correct response to invalid user input.
The first case can be fixed by checking ret and returning failure, instead of dying on the assert.
But the second case is not that easy, and would require checking that a given blinder represents a valid scalar before passing it to secp256k1_generator_generate_blinded. I did not find an appropriate function in secp256k1 that would allow checking this condition before passing the data to secp256k1_generator_generate_blinded.
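One way to do the pre-check described in the last paragraph, as an added example that is not part of the original issue and not code from Elements or secp256k1: a stand-alone comparison of a 32-byte big-endian blinder against the secp256k1 group order n, so that a value such as 'FF'*32 can be rejected with an RPC error before any library call. The helper name `blinder_is_valid_scalar` and the sample inputs are hypothetical, and the check assumes the only invalid case is a value not below n; zero passes it, so callers that must exclude zero need a separate test.

```c
#include <stdio.h>
#include <string.h>

/* secp256k1 group order n, big-endian. */
static const unsigned char ORDER_N[32] = {
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
    0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B, 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
};

/* Hypothetical helper: 1 if the 32-byte big-endian blinder is < n, else 0.
 * Branch-free over the data because a blinder is secret material. */
int blinder_is_valid_scalar(const unsigned char *b32)
{
    unsigned int lt = 0, eq = 1;
    size_t i;
    for (i = 0; i < 32; i++) {
        unsigned int a = b32[i], n = ORDER_N[i];
        lt |= eq & (((a - n) >> 8) & 1);   /* first differing byte is smaller */
        eq &= (((a ^ n) - 1) >> 8) & 1;    /* still equal to n so far */
    }
    return (int)lt;
}

/* Constructed input: 32 copies of one byte (0xFF mirrors 'FF'*32 in the patch). */
int check_filled(unsigned char byte)
{
    unsigned char b[32];
    memset(b, byte, sizeof b);
    return blinder_is_valid_scalar(b);
}

/* Constructed input: n with its last byte shifted by delta (n-1, n, n+1). */
int check_order_plus(int delta)
{
    unsigned char b[32];
    memcpy(b, ORDER_N, sizeof b);
    b[31] = (unsigned char)(b[31] + delta);
    return blinder_is_valid_scalar(b);
}

int main(void)
{
    printf("FF*32: %d\n", check_filled(0xFF));
    printf("n-1:   %d\n", check_order_plus(-1));
    printf("n:     %d\n", check_order_plus(0));
    return 0;
}
```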