From 9febe260c36bdd3680f26234a6f1013709e319d0 Mon Sep 17 00:00:00 2001
From: ckolivas <kernel@kolivas.org>
Date: Sat, 30 Jan 2016 08:54:54 +1100
Subject: [PATCH] Check nonce, nonce2 and ntime are valid hex in parse_submit

---
 src/stratifier.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/stratifier.c b/src/stratifier.c
index 88c84285..41535334 100644
--- a/src/stratifier.c
+++ b/src/stratifier.c
@@ -5183,19 +5183,19 @@ static json_t *parse_submit(stratum_instance_t *client, json_t *json_msg,
 		goto out;
 	}
 	nonce2 = (char *)json_string_value(json_array_get(params_val, 2));
-	if (unlikely(!nonce2 || !strlen(nonce2))) {
+	if (unlikely(!nonce2 || !strlen(nonce2) || !validhex(nonce2))) {
 		err = SE_NO_NONCE2;
 		*err_val = JSON_ERR(err);
 		goto out;
 	}
 	ntime = json_string_value(json_array_get(params_val, 3));
-	if (unlikely(!ntime || !strlen(ntime))) {
+	if (unlikely(!ntime || !strlen(ntime) || !validhex(ntime))) {
 		err = SE_NO_NTIME;
 		*err_val = JSON_ERR(err);
 		goto out;
 	}
 	nonce = json_string_value(json_array_get(params_val, 4));
-	if (unlikely(!nonce || !strlen(nonce))) {
+	if (unlikely(!nonce || !strlen(nonce) || !validhex(nonce))) {
 		err = SE_NO_NONCE;
 		*err_val = JSON_ERR(err);
 		goto out;