Merge pull request #1610 from obscuren/address-check

xeth: added address hex check and length check

xeth/xeth.go

@@ -20,8 +20,10 @@ package xeth
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"math/big"
+	"regexp"
 	"sync"
 	"time"
 
@@ -45,6 +47,7 @@ var (
 	defaultGasPrice  = big.NewInt(10000000000000) //150000000000
 	defaultGas       = big.NewInt(90000)          //500000
 	dappStorePre     = []byte("dapp-")
+	addrReg          = regexp.MustCompile(`^(0x)?[a-fA-F0-9]{40}$`)
 )
 
 // byte will be inferred
@@ -878,6 +881,10 @@ func (self *XEth) Sign(fromStr, hashStr string, didUnlock bool) (string, error)
 	return common.ToHex(sig), nil
 }
 
+func isAddress(addr string) bool {
+	return addrReg.MatchString(addr)
+}
+
 func (self *XEth) Transact(fromStr, toStr, nonceStr, valueStr, gasStr, gasPriceStr, codeStr string) (string, error) {
 
 	// this minimalistic recoding is enough (works for natspec.js)
@@ -887,6 +894,10 @@ func (self *XEth) Transact(fromStr, toStr, nonceStr, valueStr, gasStr, gasPriceS
 		return "", err
 	}
 
+	if !isAddress(toStr) {
+		return "", errors.New("Invalid address")
+	}
+
 	var (
 		from             = common.HexToAddress(fromStr)
 		to               = common.HexToAddress(toStr)

xeth/xeth_test.go

@@ -0,0 +1,26 @@
+package xeth
+
+import "testing"
+
+func TestIsAddress(t *testing.T) {
+	for _, invalid := range []string{
+		"0x00",
+		"0xNN",
+		"0x00000000000000000000000000000000000000NN",
+		"0xAAar000000000000000000000000000000000000",
+	} {
+		if isAddress(invalid) {
+			t.Error("Expected", invalid, "to be invalid")
+		}
+	}
+
+	for _, valid := range []string{
+		"0x0000000000000000000000000000000000000000",
+		"0xAABBbbCCccff9900000000000000000000000000",
+		"AABBbbCCccff9900000000000000000000000000",
+	} {
+		if !isAddress(valid) {
+			t.Error("Expected", valid, "to be valid")
+		}
+	}
+}