Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Master various reported fixes #713

Merged
merged 10 commits into from
Jul 5, 2019
Merged

Master various reported fixes #713

merged 10 commits into from
Jul 5, 2019

Conversation

Doy-lee
Copy link
Collaborator

@Doy-lee Doy-lee commented Jul 5, 2019

No description provided.

moneromooo-monero and others added 10 commits July 5, 2019 12:17
@moneromooo-monero @Doy-lee
epee: basic sanity check on allocation size from untrusted source
6654f9a 
Reported by guidov
@anonimal @Doy-lee
cryptonote_protocol_handler: prevent potential DoS
bf91e47 
Essentially, one can send such a large amount of IDs that core exhausts
all free memory. This issue can theoretically be exploited using very
large CN blockchains, such as Monero.

This is a partial fix. Thanks and credit given to CryptoNote author
'cryptozoidberg' for collaboration and the fix. Also thanks to
'moneromooo'. Referencing HackerOne report #506595.
@moneromooo-monero @Doy-lee
cryptonote_protocol: expand basic DoS protection
eeb4460 
Count transactions as well
@moneromooo-monero @Doy-lee
serialization: fail on read_varint error
95809b4
@moneromooo-monero @Doy-lee
tree-hash: allocate variable memory on heap, not stack
1e78869 
Large amounts might run out of stack

Reported by guidov
@moneromooo-monero @Doy-lee
serialization: check stream good flag at the end
e23371a 
just in case
@moneromooo-monero @Doy-lee
ensure no NULL is passed to memcpy
236f76d 
NULL is valid when size is 0, but memcpy uses nonnull attributes,
so let's not poke the bear
@moneromooo-monero @Doy-lee
rpc: restrict the recent cutoff size in restricted RPC mode
5462778
@Doy-lee
Drop connection when requesting duplicated tx indexes (oxen-io#637)
8d87842 
* Drop connection when requesting duplicated tx indexes

* Use insert's returned iterator to dupe check
@Doy-lee
Fix cherry-pick merge failure in core_rpc_server
c0af642
@Doy-lee Doy-lee force-pushed the MasterVariousReportedFixes branch from 5b3c5ed to c0af642 Compare July 5, 2019 03:42
@Doy-lee Doy-lee merged commit 7aa63c1 into oxen-io:master Jul 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Doy-lee @moneromooo-monero @anonimal