From 51f197bd84916c494e9250926776b9efc3225100 Mon Sep 17 00:00:00 2001
From: Fabian Jahr <fjahr@protonmail.com>
Date: Wed, 24 Jul 2024 00:13:22 +0200
Subject: [PATCH] Assumeutxo: Sanitize block height in assumeutxo metadata

---
 src/node/utxo_snapshot.h              |  3 +++
 test/functional/feature_assumeutxo.py | 17 +++++++++++------
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/node/utxo_snapshot.h b/src/node/utxo_snapshot.h
index a7c4135787958..52b751220c4f7 100644
--- a/src/node/utxo_snapshot.h
+++ b/src/node/utxo_snapshot.h
@@ -99,6 +99,9 @@ class SnapshotMetadata
         }
 
         s >> m_base_blockheight;
+        if (m_base_blockheight > static_cast<uint32_t>(std::numeric_limits<int>::max())) {
+            throw std::ios_base::failure("Block height is out of range.");
+        }
         s >> m_base_blockhash;
         s >> m_coins_count;
     }
diff --git a/test/functional/feature_assumeutxo.py b/test/functional/feature_assumeutxo.py
index 8f3a4fe133ffb..1cf2464058c3b 100755
--- a/test/functional/feature_assumeutxo.py
+++ b/test/functional/feature_assumeutxo.py
@@ -100,14 +100,19 @@ def expected_error(log_msg="", rpc_details=""):
         # The height is not used for anything critical currently, so we just
         # confirm the manipulation in the error message
         bogus_height = 1337
-        signed_overflow_height = 3275262676
         for bad_block_hash in [bogus_block_hash, prev_block_hash]:
-            for bad_height in [bogus_height, signed_overflow_height]:
-                with open(bad_snapshot_path, 'wb') as f:
-                    f.write(valid_snapshot_contents[:11] + bad_height.to_bytes(4, "little") + bytes.fromhex(bad_block_hash)[::-1] + valid_snapshot_contents[47:])
+            with open(bad_snapshot_path, 'wb') as f:
+                f.write(valid_snapshot_contents[:11] + bogus_height.to_bytes(4, "little") + bytes.fromhex(bad_block_hash)[::-1] + valid_snapshot_contents[47:])
+
+            msg = f"Unable to load UTXO snapshot: assumeutxo block hash in snapshot metadata not recognized (hash: {bad_block_hash}, height: {bogus_height}). The following snapshot heights are available: 110, 200, 299."
+            assert_raises_rpc_error(-32603, msg, node.loadtxoutset, bad_snapshot_path)
 
-                msg = f"Unable to load UTXO snapshot: assumeutxo block hash in snapshot metadata not recognized (hash: {bad_block_hash}, height: {bad_height}). The following snapshot heights are available: 110, 200, 299."
-                assert_raises_rpc_error(-32603, msg, node.loadtxoutset, bad_snapshot_path)
+        self.log.info("  - snapshot file referring to a block that is not in the assumeutxo parameters")
+        signed_overflow_height = 3275262676
+        with open(bad_snapshot_path, 'wb') as f:
+            f.write(valid_snapshot_contents[:11] + signed_overflow_height.to_bytes(4, "little") + bytes.fromhex(bad_block_hash)[::-1] + valid_snapshot_contents[47:])
+        msg = f"Unable to parse metadata: Block height is out of range."
+        assert_raises_rpc_error(-22, msg, node.loadtxoutset, bad_snapshot_path)
 
         self.log.info("  - snapshot file with wrong number of coins")
         valid_num_coins = int.from_bytes(valid_snapshot_contents[47:47 + 8], "little")