From cf7cef4293cf1b1a9b393f1030f8c8e648c2975b Mon Sep 17 00:00:00 2001
From: Jeffrey Wilcke <geffobscura@gmail.com>
Date: Fri, 7 Aug 2015 09:52:12 +0200
Subject: xeth: added address hex check and length check

---
 xeth/xeth.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'xeth/xeth.go')

diff --git a/xeth/xeth.go b/xeth/xeth.go
index 5d54c1f7e..372068c14 100644
--- a/xeth/xeth.go
+++ b/xeth/xeth.go
@@ -20,8 +20,10 @@ package xeth
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"math/big"
+	"regexp"
 	"sync"
 	"time"
 
@@ -45,6 +47,7 @@ var (
 	defaultGasPrice  = big.NewInt(10000000000000) //150000000000
 	defaultGas       = big.NewInt(90000)          //500000
 	dappStorePre     = []byte("dapp-")
+	addrReg          = regexp.MustCompile(`^(0x)?[a-fA-F0-9]{40}$`)
 )
 
 // byte will be inferred
@@ -878,6 +881,10 @@ func (self *XEth) Sign(fromStr, hashStr string, didUnlock bool) (string, error)
 	return common.ToHex(sig), nil
 }
 
+func isAddress(addr string) bool {
+	return addrReg.MatchString(addr)
+}
+
 func (self *XEth) Transact(fromStr, toStr, nonceStr, valueStr, gasStr, gasPriceStr, codeStr string) (string, error) {
 
 	// this minimalistic recoding is enough (works for natspec.js)
@@ -887,6 +894,10 @@ func (self *XEth) Transact(fromStr, toStr, nonceStr, valueStr, gasStr, gasPriceS
 		return "", err
 	}
 
+	if !isAddress(toStr) {
+		return "", errors.New("Invalid address")
+	}
+
 	var (
 		from             = common.HexToAddress(fromStr)
 		to               = common.HexToAddress(toStr)
-- 
cgit v1.2.3