Permalink
Browse files

Reject non-canonically-encoded sizes

  • Loading branch information...
Tranz5 committed Aug 21, 2014
1 parent 7924048 commit 70ecab0c842b375f174bbde92d6d2f4162b4e461
Showing with 6 additions and 7 deletions.
  1. +0 −7 src/main.cpp
  2. +6 −0 src/serialize.h
@@ -3497,20 +3497,13 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv)
{
vector<uint256> vWorkQueue;
vector<uint256> vEraseQueue;
CDataStream vMsg(vRecv);
CTxDB txdb("r");
CTransaction tx;
vRecv >> tx;
CInv inv(MSG_TX, tx.GetHash());
pfrom->AddInventoryKnown(inv);
// Truncate messages to the size of the tx in them
unsigned int nSize = ::GetSerializeSize(tx,SER_NETWORK, PROTOCOL_VERSION);
if (nSize < vMsg.size()){
vMsg.resize(nSize);
}
bool fMissingInputs = false;
if (tx.AcceptToMemoryPool(txdb, true, &fMissingInputs))
{
@@ -225,18 +225,24 @@ uint64 ReadCompactSize(Stream& is)
unsigned short xSize;
READDATA(is, xSize);
nSizeRet = xSize;
if (nSizeRet < 253)
THROW_WITH_STACKTRACE(std::ios_base::failure("non-canonical ReadCompactSize()"));
}
else if (chSize == 254)
{
unsigned int xSize;
READDATA(is, xSize);
nSizeRet = xSize;
if (nSizeRet < 0x10000u)
THROW_WITH_STACKTRACE(std::ios_base::failure("non-canonical ReadCompactSize()"));
}
else
{
uint64 xSize;
READDATA(is, xSize);
nSizeRet = xSize;
if (nSizeRet < 0x100000000LLu)
THROW_WITH_STACKTRACE(std::ios_base::failure("non-canonical ReadCompactSize()"));
}
if (nSizeRet > (uint64)MAX_SIZE)
THROW_WITH_STACKTRACE(std::ios_base::failure("ReadCompactSize() : size too large"));

0 comments on commit 70ecab0

Please sign in to comment.